Personal and financial data of some 270,000 customers of UK payday loan firm Wonga have likely been pilfered in a data breach.
The data that was accessed by the attackers includes the name, e-mail address, home address, and phone number of around 245,000 customers in the UK and 25,000 customers in Poland, as well as the last four digits of their payment card number and/or their bank account number and sort code.
“We do not believe your Wonga account password was compromised and believe your [loan] account should be secure, however if you are concerned you should change your account password. We also recommend that you look out for any unusual activity across any bank accounts and online portals,” the company advised users.
“We will be alerting financial institutions about this issue and any individuals impacted as soon as possible, but we recommend that you also contact your bank and ask them to look out for any suspicious activity.”
They’ve also warned users to be on the lookout for scammers looking to leverage the stolen information to gain more information or money directly from the users.
According to the BBC, the company noticed that something was amiss last week, but it took them until Friday to discover that customer data may have been compromised. The company started to inform customers of the breach on Saturday.
Potential long-term consequences for the firm and users
“Wonga’s stock with the general public has never been particularly high, but this breach will see it fall even further. It is simply the latest name in a long list of data breach victims that will come to realise that the reputational impact of a breach is more damaging than anything the ICO can do to them, or the cybercriminals themselves for that matter,” commented Marc Agnew, Vice President, ViaSat Europe.
“The stakes are so high that organisations need to treat cyber-attack not only as a threat, but as an inevitability. Organisations must therefore ensure that all customer data is encrypted, not just the passwords and card details, so that any stolen data is essentially worthless. Inadequately protecting customer data can create massive problems for enterprises and consumers alike. Reacting to an attack appropriately is vital; from isolating and identifying the origin, to taking stock of what has been stolen or affected and making sure those who have been put at risk are notified and protected as soon as possible. By the looks of it, Wonga’s customers were alerted in a timely manner and should be well informed enough to take action. This is all Wonga can do at this stage, but it’ll be interesting to see what happens next and how serious an attack this turns out to be.”
“While the organisation has stated that affected customers are unlikely to be at risk of theft, the fact remains that private personal information was compromised – posing a risk to customers,” André Stewart, VP EMEA at Netskope, pointed out.
“Data loss prevention needs to be a key priority for all businesses. The EU General Data Protection Regulation (GDPR) – set to come into effect in just over a year – will hold organisations accountable for their data practices. As a result, companies will be forced to take active measures to mitigate any threats to personal privacy, whether that data is stored on-premises or in the cloud. Any companies falling short of these standards could face hefty fines,” he also noted.