Payday lender Wonga has admitted that more than a quarter of a million customers personal data may have been stolen in a data breach at the firm, and it was “urgently investigating illegal and unauthorised access to the personal data of some of its customers.”
Customers throughout the UK and a further 25,000 customers in Poland are thought to be affected. The company has declined to comment where the actual breach had taken place.
Wonga began contacting customers on April 8th, offering support through a dedicated phone service. It is thought the company became aware of the issue week commencing April 3rd, but did not realise that data could be accessed externally until Friday, April 7th.
The information stolen includes names, addresses, phone numbers, bank account numbers and sort codes. Wonga accounts and passwords are thought not to have been compromised, but customers have been advised to look out for unusual activity across their accounts.
The data breach could make it one of the biggest cases involving a financial services company ever in the UK.
In a statement the firm said: “We are working closely with authorities and we are in the process of informing affected customers. We sincerely apologise for the inconvenience caused.”
A spokeswoman for the Information Commissioner’s Office said: “All organisations have a responsibility to keep customers’ personal information secure. Where we find this has not happened, we can investigate and may take enforcement action.”
The news of the data breach couldn’t have come at a worse time for Wonga, who have been rebuilding their reputation following a series of controversies.
In 2014, UK financial regulators found it had made loans to customers who could not afford to repay them, and chased debts with letters from a fake law firm, while in 2015 the firm saw its losses double when the Financial Conduct Authority (FCA) took on stewardship of the sector.
Results show that the firm made a pre-tax loss of £80.2 million in 2015, up from £38.1 million the year before.