Personal details of around 245, 000 UK customers of payday loan firm, Wonga have been breached after the company suffered from a breach.
The firm has warned more than a quarter of its million customers in the UK and Poland saying their names, addresses, email addresses, phone numbers, bank account numbers, sort codes and other card details including the last four digits of customers’ bank cards may have been accessed during the most damaging hacks in recent history. The last four digits are used by some banks as part of the login process for online accounts.
The lender, which offers loans at interest rates starting at 1,286% a year, became aware of a problem last week but did not realise until Friday that data could be accessed externally.
The online lender which provides short-term loans has been contacting borrowers since Saturday (April 15) and offering support through a dedicated phone line. The breach has affected almost up to 270,000 current and former customers including ones in the UK.
Customers who are thought to have been affected have received a message from the payday lender telling them: “We believe there may have been illegal and unauthorised access to some of your personal data on your Wonga.com account.” The company told its customers to look out for any “unusual activity” on their accounts.
Wonga will also be informing financial institutions about the breach. In particular, customers are told to be cautious about cold calls and emails asking for personal information.
The firm is “urgently investigating illegal and unauthorised access to the personal data of some of its customers”. Wonga’s website did not initially make mention of the hack. It now links out to a special help page that says the company is “urgently working to establish further details” of the incident.
There was no sign of the breach on the lender’s website, which carried its usual information on how to apply for its loans. It has alerted the police, the Information Commissioner’s Office (ICO) and the FCA. The ICO regulates firms’ use and care of people’s personal details, although financial services companies are not obliged to inform it of any breach. A spokesperson for the organisatio said: “All organisations have a responsibility to keep customers’ personal information secure. Where we find this has not happened, we can investigate and may take enforcement action.”
Payday loan companies have been criticised in recent years for preying on vulnerable people with extremely high interest loans.
The breach will be a blow to Wonga, which has in recent years attempted to improve its reputation following a series of controversies. The lender, which advertised heavily on TV and through football sponsorships was found by the financial regulator to have made loans to customers who could not afford to repay them and to have chased bad debts with letters from a fake law firm. New directors have replaced the firm’s original founders, a three-month loan launched alongside the short-term payday loan, and marketing has been changed to appeal to a better-off audience.
However, it has been hard hit by tougher rules on lending, introduced when the Financial Conduct Authority (FCA) took on stewardship of the sector. The latest set of results showed that the firm made a pre-tax loss of £80.2m in 2015, up from £38.1m the year before.