Payday lender Wonga confirms data breach
UK Payday lender Wonga has issued a statement instructing customers to contact their banks as a matter of urgency, after confirming a data breach earlier on Sunday.
"We believe there may have been illegal and unauthorised access to the personal data of some of our customers," a statement issued by the company reads.
Personal details from hundreds of thousands of accounts may have been illegally accessed, with reports indicating this number could affect up to 270,000 current and former customers.
While the company is in the process of contacting those confirmed as impacted by the breach, Wonga said the exposed information may include a customer's name, email address, home address, phone number, the last four digits of a card number, bank account number, and sort code.
Wonga is still working to establish details on the breach, such as where it took place; however, it told customers to reset their passwords only if they are concerned as it believes accounts should be secure.
"We will be alerting financial institutions about this issue and any individuals impacted as soon as possible, but we recommend that you also contact your bank and ask them to look out for any suspicious activity," Wonga said.
"We also recommend that you look out for any unusual activity across any bank accounts and online portals."
Full card details were not taken, however.
Wonga used the statement to apologise to affected customers, and said it takes issues of customer data and security extremely seriously.
"Cyber attacks are, unfortunately, on the rise. While Wonga operates to the highest security standards, these illegal attacks are unfortunately increasingly sophisticated," the company said.
According to the Guardian, Wonga became aware of a problem last week, but only worked out on Friday that data could be accessed externally. The report said Wonga alerted authorities and started to contact borrowers on Saturday.
The Wonga breach comes just months after hackers stole £2.5 million from 9,000 online customers at Tesco Bank. The incident was blamed on a "systematic, sophisticated cyberattack" and remains under investigation by The National Crime Agency and the National Cyber Security Centre.
It was also reported earlier this year that a large-scale distributed denial-of-service attack blocked Lloyds Bank, Halifax, and Bank of Scotland customers from accessing online services.