Wonga hack: payday loan firm suffers massive data breach

Nearly 245,000 UK customers may have had their data stolen

Nearly a quarter of a million UK Wonga customers may have had their data stolen in what could be one of the biggest data breaches in the country's history.

The payday lender began contacting customers on Saturday 8 April after detecting what it has described as "illegal and unauthorised access to the personal data of some of its customers".

IT Pro understands the hack has affected 245,000 customers in the UK and 25,000 in Poland.

Stolen information includes names, email and postal addresses, phone numbers, bank account numbers and sort codes, and the last four digits of bank card numbers, Wonga confirmed.

At this point, it is unclear whether the stolen data was encrypted or how the attackers were able to gain access. IT Pro has contacted the organisation for clarification of these points, and Wonga said it is "urgently investigating" the breach.

In an FAQ for customers the company said: "We do not believe your Wonga account password was compromised and believe your account should be secure, however if you are concerned you should change your account password. We also recommend that you look out for any unusual activity across any bank accounts and online portals."

The company also advised customers to contact their banks to alert them to the fact they may have been affected by the breach and ask for extra attention to be paid to their accounts in case of any suspicious activity.

This could be the largest ever data breach affecting a UK financial institution. It also apparently exceeds, by nearly 100,000 people, the TalkTalk hack, which triggered the greatest fine ever issued by the Information Commissioner's Office (ICO).

A Wonga spokesperson said in a statement to IT Pro: "Wonga is urgently investigating illegal and unauthorised access to the personal data of some of its customers in the UK and Poland. We are working closely with authorities and we are in the process of informing affected customers. We sincerely apologise for the inconvenience caused."

Wonga has informed the UK's data protection watchdog, the Information Commissioner's Office (ICO), as well as the police and the Financial Conduct Authority.

The security industry reacts

Wonga has been praised for its apparent quick reaction to the breach and rapid notification of customers, but some questioned the nature of the company's response.

Marc Agnew, vice president of ViaSat Europe, said: "Reacting to an attack appropriately is vital; from isolating and identifying the origin, to taking stock of what has been stolen or affected and making sure those who have been put at risk are notified and protected as soon as possible.

"By the looks of it, Wonga's customers were alerted in a timely manner and should be well informed enough to take action. This is all Wonga can do at this stage, but it'll be interesting to see what happens next and how serious an attack this turns out to be."

Gavin Millard, technical director EMEA of Tenable Network Security, questioned one piece of advice given by Wonga to its customers.

"Whilst Wonga's post breach FAQ states they 'don't believe your Wonga account password was compromised', I would strongly advise changing this password wherever it has been reused," Millard said.

"A favourite trick by scam artists is to use the data swiped to build up trust and credibility with a target to then request further information they don't have, so customers should be extra careful dealing with unsolicited calls irrelevant of who they claim to be," he added.

Those concerned they may have been affected by the breach can get more information from Wonga's Incident FAQ, which can be found here.
