Payday loan giant Wonga HACKED!
On 8th April 2017, Wonga sent its clients correspondence stating that it had fallen victim to hackers who stole confidential information belonging to its customers. The hackers made away with the names, addresses, bank account numbers, phone numbers and sort code numbers of over a quarter million Wonga customers. The hackers are also believed to have accessed the last 4-digits of bank cards belonging to 270,000 Wonga customers.
According to the correspondence released by Wonga, the lender doesn’t think Wonga account passwords were compromised but advised clients to change their passwords. Customers have also been advised to be on the lookout for suspicious activity on all bank accounts as well as online portals. Wonga has also contacted all financial institutions believed to have been affected directly or indirectly by the hacking.
Wonga began contacting customers after discovering the severity of the breach on 7th April 2017. The breach is believed to have taken place late March 2017. The firm has already established a help line (0800 3166 745) to assist borrowers who may want to contact the lender for more information or guidance.
Wonga is currently in the process of investigating the hacking which it terms as illegal and unauthorised access to personal information of some of its clients. The hacking is believed to have affected Wonga customers in the UK and Poland. Approximately 245,000 UK customers and 25,000 Poland customers have been affected.
The lender has already apologised for any inconvenience caused and is in the process of informing all affected customers. Wonga is also working closely with the police to bring the culprits behind the attack to book.
Although Wonga is already in a mess trying to contain the effects of the data breach, the lender is expected to face the office of the ICO (Information Commissioner’s Office). If the ICO finds Wonga’s data security measures inadequate, the Lender could face a hefty fine.
Wonga could suffer the same fate as UK telecom provider TalkTalk which paid £400,000 for being unable to prevent a systems breach which compromised personal information of approximately 157,000 customers back in October 2015. Given Wonga’s breach affects almost twice the number of people and it spans across borders, Wonga may face a stiffer penalty if found guilty by the ICO.
This is on top of the fact that Wonga is set to spend millions of pounds securing its systems among other costs incurred responding to the incident. Wonga’s revenues are also expected to drop as some customers choose other lenders with better data security measures.
Considering the lender doesn’t appear to be sure about how the breach occurred, some customers are expected to jump ship reducing the projected earnings significantly. This attack doesn’t help considering Wonga has been in the news again for the wrong reasons.
Back in 2012-2013, Wonga was the subject of a massive identity crime case involving A Nurse, Sherene Bascoe that saw customers scammed £3 million. Wonga’s faulty site algorithms allowed scammers to submit 19,000+ payday loan applications using a single password, ”Bengali90”. The identity theft gang responsible requested for payday loans using stolen identities leaving innocent Wonga customers with payday loans they hadn’t signed up for.
The £3 million scam was successful because of Wonga’s faulty site algorithms. Although the masterminds of the scam paid the price, Wonga is yet to learn how to safeguard its client’s personal information. Considering there is an investigation underway and Wonga has had a troubling data security history, 2017 doesn’t look good for UK’s biggest payday loan lender.