Up to 245,000 Wonga customers may have been affected by a massive data breach that allegedly led to the theft of sort codes, account numbers, names, and addresses.
The number of affected customers could be as high as 270,000 when taking into account customers outside of the UK, 25,000 of whom are located in Poland.
On an information and FAQ page provided by Wonga, the loans firm said: “We believe there may have been illegal and unauthorised access to the personal data of some of our customers.”
Despite the anxiety-limiting approach by Wonga to informing customers, the involvement of financial information in the breach makes the matter all the more severe. As reported by the BBC, Professor Alan Woodward, a cybersecurity expert and the University of Surrey said that this breach was “looking like one of the biggest” of its kind seen in the UK.
The payday loan provider shared a message of precaution on the same page, deflating the original concern surrounding the breach. Wonga said: “We do not believe your Wonga account password was compromised and believe your account should be secure, however if you are concerned you should change your account password. We also recommend that you look out for any unusual activity across any bank accounts and online portals.”
This data breach joins a growing chain of incidents that are also increasing in frequency. Only recently The Association of British Travel Agents (ABTA) sustained a major cyber-attack which left up to 43,000 people at risk.
Kevin Cunningham, president and co-founder of SailPoint said: “This data breach from Wonga shows that incidents are an everyday occurrence that businesses must counteract or risk a significant impact to their bottom-line as well as customer loyalty.”
With the stream of breach attempts turning into a torrent, it is becoming more and more necassart that all areas are secure, and that everyone is on the same page regarding cyber security.
Mr Cunningham said: “Businesses house more and more sensitive data, therefore everyone from the executive level down needs to ensure there is a collaborative effort from internal staff to protect sensitive customer information and ultimately, the health and longevity of the company.”
This latest major data breach will fan the flames of the current atmosphere surrounding data breaches, and will ramp up the pressure on finding a way to handle this persistent threat.
David Emm, principle security researcher at Kaspersky Lab said: “This is yet another case of a data breach, further underlining the need for regulation. It’s to be hoped that GDPR (General Data Protection Regulation), which comes into force in May 2018, will motivate firms to, firstly, take action to secure the customer data they hold, and secondly, to notify the ICO of breaches in a timely manner.”