April 10th 2016
Payday lender Wonga has admitted that the personal data of some 270,000 customers – of which 245,000 are in the UK – has been stolen in a data breach. The balance of the customers affected are thought to be in Poland.
Wonga says that customer names, email addresses, home addresses, and telephone numbers may have been accessed, along with the last four digits of card number and/or bank account number and sort code.
A statement on the site reads: “We believe there may have been illegal and unauthorised access to the personal data of some of our customers.”
The company apologises for the incident, and offers advice in an ‘Incident FAQ’ section on its website, but this appears to offer inconsistent advice.
The advice in question reads: “We believe that your account is secure and you do not need to take any action, but goes on to say “if you are concerned you should change your account password. We also recommend that you look out for any unusual activity across any bank accounts and online portals.”
Affected customers have also received a letter which includes: “Exercise vigilance: Beware of scammers or unusual online activity. Be cautious of anyone who calls you and asks you to disclose any personal information regardless of where they say they are from. If this happens, we recommend that you hang up.”
The company also says that it is informing customers' banks of the situation to aid fraud prevention.
Advice to Wonga customers affected by the breach
– Change the password you use for your Wonga account immediately.
– If the password you've used for the compromised account is being used elsewhere, change it immediately. You could consider using three random words – with a combination of numbers, symbols and upper and lower case characters – to create a strong password.
– If any of your financial details were compromised, notify your bank or card company as soon as possible. Review your financial statements regularly for any unusual activity.
– Criminals can use personal data obtained from a data breach to commit identity fraud. Consider using credit reference agencies such as Experian or Equifax, to monitor your credit file for any unusual activity.
– If you have been a victim of fraud or cybercrime, please report it to Action Fraud on 0300 123 2040, or visit www.actionfraud.police.uk
This breach reinforces our advice to not use the same password for more than one online account. If you can’t remember all your different passwords, consider using one of the online password vaults or safes available.