Wonga hack: payday loan firm suffers massive data breach

Nearly 245,000 UK customers may have had their data stolen

Nearly a quarter of a million UK Wonga customers may have had their data stolen in what could be one of the biggest data breaches in the country's history.

The payday lender began contacting customers on Saturday 8 April after detecting what it has described as "illegal and unauthorised access to the personal data of some of its customers".


IT Pro understands the hack has affected 245,000 customers in the UK and 25,000 in Poland.

Stolen information includes names, email and postal addresses, phone numbers, bank account numbers and sort codes, and the last four digits of bank card numbers, Wonga confirmed.

At this point, it's unclear whether the stolen data was encrypted, or how the attackers were able to gain access. IT Pro has contacted the organisation for clarification of these points, and Wonga said it is "urgently investigating" the breach.

In an FAQ for customers the company said: "We do not believe your Wonga account password was compromised and believe your account should be secure, however if you are concerned you should change your account password. We also recommend that you look out for any unusual activity across any bank accounts and online portals."

The company also advised customers to contact their banks to alert them to the fact they may have been affected by the breach and ask for extra attention to be paid to their accounts in case of any suspicious activity.


This could be the largest ever data breach affecting a UK financial institution. Its magnitude is also apparently greater than the TalkTalk hack, which triggered the greatest fine ever issued by the Information Commissioner's Office (ICO), by nearly 100,000 people.

A Wonga spokesperson said in a statement to IT Pro: "Wonga is urgently investigating illegal and unauthorised access to the personal data of some of its customers in the UK and Poland. We are working closely with authorities and we are in the process of informing affected customers. We sincerely apologise for the inconvenience caused."

Wonga has informed the UK's data protection watchdog, the Information Commissioner's Office (ICO), as well as the police and the Financial Conduct Authority.

The security industry reacts

Wonga has been praised for its apparent quick reaction to the breach and rapid notification of customers, but some questioned the nature of the company's response.

Marc Agnew, vice president of ViaSat Europe, said: "Reacting to an attack appropriately is vital; from isolating and identifying the origin, to taking stock of what has been stolen or affected and making sure those who have been put at risk are notified and protected as soon as possible.


"By the looks of it, Wonga's customers were alerted in a timely manner and should be well informed enough to take action. This is all Wonga can do at this stage, but it'll be interesting to see what happens next and how serious an attack this turns out to be."

Gavin Millard, technical director EMEA of Tenable Network Security, questioned one piece of advice given by Wonga to its customers.

"Whilst Wonga's post breach FAQ states they 'don't believe your Wonga account password was compromised', I would strongly advise changing this password wherever it has been reused," Millard said.

"A favourite trick by scam artists is to use the data swiped to build up trust and credibility with a target to then request further information they don't have, so customers should be extra careful dealing with unsolicited calls irrelevant of who they claim to be," he added.

Those concerned they may have been affected by the breach can get more information from Wonga's Incident FAQ.
