Wonga hack: payday loan firm suffers massive data breach

Nearly 245,000 UK customers may have had their data stolen

Nearly a quarter of a million UK Wonga customers may have had their data stolen in what could be one of the biggest data breaches in the country's history.

The payday lender began contacting customers on Saturday 8 April after detecting what it has described as "illegal and unauthorised access to the personal data of some of its customers".

IT Pro understands the hack has affected 245,000 customers in the UK and 25,000 in Poland.

Stolen information includes names, email and postal addresses, phone numbers, bank account numbers and sort codes, and the last four digits of bank card numbers, Wonga confirmed.


At this point, it's unclear whether the stolen data was encrypted, or how the attackers were able to gain access. IT Pro has contacted the organisation for clarification of these points, and Wonga said it is "urgently investigating" the breach.

In an FAQ for customers the company said: "We do not believe your Wonga account password was compromised and believe your account should be secure, however if you are concerned you should change your account password. We also recommend that you look out for any unusual activity across any bank accounts and online portals."

The company also advised customers to contact their banks to alert them to the fact they may have been affected by the breach and ask for extra attention to be paid to their accounts in case of any suspicious activity.

This could be the largest ever data breach affecting a UK financial institution. It also apparently affected nearly 100,000 more people than the TalkTalk hack, which triggered the greatest fine ever issued by the Information Commissioner's Office (ICO).

A Wonga spokesperson said in a statement to IT Pro: "Wonga is urgently investigating illegal and unauthorised access to the personal data of some of its customers in the UK and Poland. We are working closely with authorities and we are in the process of informing affected customers. We sincerely apologise for the inconvenience caused."

Wonga has informed the UK's data protection watchdog, the Information Commissioner's Office (ICO), as well as the police and the Financial Conduct Authority.


The security industry reacts

Wonga has been praised for its apparent quick reaction to the breach and rapid notification of customers, but some questioned the nature of the company's response.

Marc Agnew, vice president of ViaSat Europe, said: "Reacting to an attack appropriately is vital; from isolating and identifying the origin, to taking stock of what has been stolen or affected and making sure those who have been put at risk are notified and protected as soon as possible.

"By the looks of it, Wonga's customers were alerted in a timely manner and should be well informed enough to take action. This is all Wonga can do at this stage, but it'll be interesting to see what happens next and how serious an attack this turns out to be."


Gavin Millard, technical director EMEA of Tenable Network Security, questioned one piece of advice given by Wonga to its customers.

"Whilst Wonga's post breach FAQ states they 'don't believe your Wonga account password was compromised', I would strongly advise changing this password wherever it has been reused," Millard said.


"A favourite trick by scam artists is to use the data swiped to build up trust and credibility with a target to then request further information they don't have, so customers should be extra careful dealing with unsolicited calls irrelevant of who they claim to be," he added.

Those concerned they may have been affected by the breach can get more information from Wonga's Incident FAQ.
