Payday loan firm Wonga says it is “urgently investigating” a potential data breach that could have affected up to 270,000 customers.
The company says the hack involved “illegal and unauthorised access” to the personal data of current and former customers in both the UK and Poland, with up to 245,000 UK borrowers potentially affected.
It remains unclear where the hack took place, but Wonga is said to have known of the attack for more than a week – though it initially didn’t believe data had been stolen.
Related: Best VPN
The lender has began making customers aware of the hack on Saturday, providing details of a dedicated customer services phone line.
Affected borrowers were informed that the data accessed may have included names, email addresses, home addresses, phone numbers, the last four digits of card numbers (but not the whole number) and/or bank account numbers and sort codes.
According to the firm, customers’ login details for their online accounts didn’t seem to have been stolen at this point.
In a statement, it said: “We do not believe your Wonga account password was compromised and believe your account should be secure, however if you are concerned you should change your account password.”
A message sent to those affected read: “We believe there may have been illegal and unauthorised access to some of your personal data on your Wonga.com account.”
The company also said in a statement that it was “working closely with authorities” and is “in the process of informing affected customers.”
The police, Information Commissioner’s Office (ICO), and the FCA have all been made aware of the suspected breach. with a spokesperson for the ICO telling The Guardian: “All organisations have a responsibility to keep customers’ personal information secure. Where we find this has not happened, we can investigate and may take enforcement action.”
If you’re concerned that you may have been affected, the company advises contacting your bank and asking them to be monitor for suspicious activity.
It also says customers should be more aware of online or telephone scams, and has set up a help page with advice, which can be found here.
Let us know what you think of the data breach in the comments.