Customers of the UK payday loan firm Wonga were warned that their personal details might have been stolen. The company explained that it was investigating illegal access to the personal data of its customers in the United Kingdom and Poland. According to the current information, 270,000 new and former customers, of which 245,000 are in the United Kingdom, could have been affected by the data breach.
Wonga offers 3-month loans priced at 1,286% APR and short-term 1,509% APR deals. The company started to contact borrowers last week, telling them there might have been illegal access to some of their personal data on Wonga.com account and offering them support via a dedicated phone line.
Wonga is warning affected customers to be “extra vigilant” and to alert their bank of potential risk — though it says it will also be contacting financial institutions about the breach.
Wonga said that the compromised data might have included name, email address, home address, phone number, the last 4 digits of a card number and/or bank account number and sort code. The company also believes that Wonga accounts had not been compromised, but customers were recommended to look out for unusual activity there.
This incident may completely destroy reputation of Wonga, which has been criticized for a series of controversies in recent years. The company advertised heavily on TV and via football sponsorships, but the financial regulator has found it issuing loans to customers who could not afford to repay them. Wonga was also found to have chased bad debts with letters from a fake law firm.
According to information disclosed by Wonga, after the introduction of tougher rules on lending it made a pre-tax loss of £80.2m in 2016, up from £38.1m the year before. The company website contains no information about the breach and carries its usual information on how to apply for its loans.
In a statement a spokesperson for the company told us: “Wonga is urgently investigating illegal and unauthorised access to the personal data of some of its customers in the UK and Poland. We are working closely with authorities and we are in the process of informing affected customers. We sincerely apologise for the inconvenience caused.”
There are no details about how the breach happened at this point, with Wonga saying only on its website that it is “urgently working to establish further details” and making a generic statement about the rise of “increasingly sophisticated” cyberattacks.