Wonga, a prominent UK payday loan firm, has warned 270,000 of its customers that their accounts may be at risk following a data breach.
The company reportedly discovered the breach last week but only realised that customers’ account details were at risk on Friday 7th and then began notifying them the following day. More than 245,000 UK customers have been notified in addition to 25,000 in Poland.
A company spokesperson told news website TechCrunch that “Wonga is urgently investigating illegal and unauthorised access to the personal data of some of its customers in the UK and Poland. We are working closely with authorities and we are in the process of informing affected customers. We sincerely apologise for the inconvenience caused”.
As of yet, no details have emerged as to the cause of the breach but customers have been warned that personal data ranging from name and address to bank account details and sort codes could be at risk. But Wonga has also stated that it does not believe any passwords were stolen.
The notification process for data breaches is likely to become a much more important issue next year when the EU’s revised Data Protection directive comes into force, under which all firms will be required to notify data protection authorities within 72 hours in the event of a data breach or face fines of up to €10 million or 2 percent of global turnover.
Wonga and other payday loan companies have suffered criticism in recent years for the high interest they charge on their short-term loans – sometimes exceeding an annual rate of 1,200 percent. And Wonga, through its investment in high-profile advertisig including shirt sponsorship with football teams, has been at the forefront of consumers’ disapproval.
Consequently there has been little sympathy for the company on social media with Twitter users saying that hackers are unlikely to find much to steal because Wonga “only preys on the poor and the vulnerable”, and “haven’t they stole enough already”.