Payday loan firm Wonga are warning more than a a quarter of a million customers that their personal data may have been stolen in a data breach at the firm.
The online lender said it was “urgently investigating illegal and unauthorised access” to the personal data of some of its customers in the UK and Poland. It is understood that the breach could affect up to 270,000 current and former customers, including 245,000 in the UK. The company would not disclose where it had taken place.
The lender, which offers loans at interest rates starting at an extortionate 1,286% a year, became aware of a problem last week but did not realise until Friday that data could be accessed externally. It alerted the authorities and started to contact borrowers on Saturday to make them aware of the problem, and give details of a dedicated customer services phone line for those affected.
Customers who are thought to have been affected have received a message from the payday lender telling them:
“We believe there may have been illegal and unauthorised access to some of your personal data on your Wonga.com account.”
The message said that Wonga was working to establish the full details but data breached “may have included one or more of the following: name, email address, home address, phone number, the last four digits of your card number (but not the whole number) and/or your bank account number and sort code.”
It went on to say that the lender believed Wonga accounts and passwords had not been compromised, but customers were advised to look out for unusual activity across their accounts. In a statement the firm said:
“We are working closely with authorities and we are in the process of informing affected customers. We sincerely apologise for the inconvenience caused.”
The company has alerted the police, the Information Commissioner’s Office (ICO) and the FCA. The ICO regulates firms’ use and care of people’s personal details, although financial services companies are not obliged to inform it of any breach. A spokesperson for the organisation said:
“All organisations have a responsibility to keep customers’ personal information secure. Where we find this has not happened, we can investigate and may take enforcement action.”
The payday lender has set up a help page for affected customers. It advises them to:
- Alert their bank and ask them to look out for any suspicious activity. Wonga will also be informing financial institutions about the breach
- Watch out for scammers or unusual online activity. In particular, customers are told to be cautious about cold calls and emails asking for personal information
- Contact the Wonga helpline on 0207 138 8330 for further questions
