Payday lender Wonga admits to data breach

270,000 customers advised not to worry but also to watch out for odd transactions and ponder password refresh


Payday lender Wonga has advised 270,000 customers of a data breach and offered inconsistent advice about the severity of the incident and how to respond.

An “incident FAQ” on the company's site says “We believe there may have been illegal and unauthorised access to the personal data of some of our customers.” The Reg understands 270,000 customers are potentially at risk, 245,000 of them in the UK.

Wonga says the data that parties unknown have accessed “may have included one or more of the following: name, e-mail address, home address, phone number, the last four digits of your card number (but not the whole number) and/or your bank account number and sort code.”

The FAQ offers contradictory advice on the incident, offering assurances that “We believe that your account is secure and you do not need to take any action" but also says “if you are concerned you should change your account password. We also recommend that you look out for any unusual activity across any bank accounts and online portals.”

The FAQ, and a letter sent to affected customers, also offers the following advice:

Exercise vigilance: Beware of scammers or unusual online activity. Be cautious of anyone who calls you and asks you to disclose any personal information regardless of where they say they are from. If this happens, we recommend that you hang up.

The Register has asked Wonga to clarify why customers need to keep an eye on “unusual activity” if their accounts remain secure and why they might experience inbound scam calls at this time.

Wonga says it is informing customers' banks of the situation, to help them detect any fraud.

The FAQ also asks the question “How did this happen in the first place and what measures are you taking to ensure that this does not re-occur?” and offers the following as a response:

  • We take issues of customer data and security extremely seriously.
  • Cyber attacks are, unfortunately, on the rise. While Wonga operates to the highest security standards, these illegal attacks are unfortunately increasingly sophisticated.
  • We sincerely apologise for the inconvenience and concern this has caused.

Which The Register rates a masterpiece of evasion and obfuscation, even among the deluges of press releases and non-answers we receive each day.

Wonga charges annual interest rates of 1,509 per cent (yes, one thousand five hundred and nine per cent) for short-term loans designed to tide people over until payday. The company justifies its interest rates on grounds of convenience and value.

The PR people have made contact again hours after this article was published:

"Wonga is urgently investigating illegal and unauthorised access to the personal data of some of its customers in the UK and Poland. We are working closely with authorities and we are in the process of informing affected customers. We sincerely apologise for the inconvenience caused." ®

Similar topics

Broader topics


Other stories you might like

  • Verizon: Ransomware sees biggest jump in five years
    We're only here for DBIRs

    The cybersecurity landscape continues to expand and evolve rapidly, fueled in large part by the cat-and-mouse game between miscreants trying to get into corporate IT environments and those hired by enterprises and security vendors to keep them out.

    Despite all that, Verizon's annual security breach report is again showing that there are constants in the field, including that ransomware continues to be a fast-growing threat and that the "human element" still plays a central role in most security breaches, whether it's through social engineering, bad decisions, or similar.

    According to the US carrier's 2022 Data Breach Investigations Report (DBIR) released this week [PDF], ransomware accounted for 25 percent of the observed security incidents that occurred between November 1, 2020, and October 31, 2021, and was present in 70 percent of all malware infections. Ransomware outbreaks increased 13 percent year-over-year, a larger increase than the previous five years combined.

    Continue reading
  • Slack-for-engineers Mattermost on open source and data sovereignty
    Control and access are becoming a hot button for orgs

    Interview "It's our data, it's our intellectual property. Being able to migrate it out those systems is near impossible... It was a real frustration for us."

    These were the words of communication and collaboration platform Mattermost's founder and CTO, Corey Hulen, speaking to The Register about open source, sovereignty and audio bridges.

    "Some of the history of Mattermost is exactly that problem," says Hulen of the issue of closed source software. "We were using proprietary tools – we were not a collaboration platform before, we were a games company before – [and] we were extremely frustrated because we couldn't get our intellectual property out of those systems..."

    Continue reading
  • UK government having hard time complying with its own IR35 tax rules
    This shouldn't come as much of a surprise if you've been reading the headlines at all

    Government departments are guilty of high levels of non-compliance with the UK's off-payroll tax regime, according to a report by MPs.

    Difficulties meeting the IR35 rules, which apply to many IT contractors, in central government reflect poor implementation by Her Majesty's Revenue & Customs (HMRC) and other government bodies, the Public Accounts Committee (PAC) said.

    "Central government is spending hundreds of millions of pounds to cover tax owed for individuals wrongly assessed as self-employed. Government departments and agencies owed, or expected to owe, HMRC £263 million in 2020–21 due to incorrect administration of the rules," the report said.

    Continue reading

Biting the hand that feeds IT © 1998–2022