Wonga, the payday loan firm, has suffered a data breach which may have affected about 245,000 customers in the UK.
The range of information stolen may include names, e-mail addresses, home addresses, phone numbers, bank account numbers, sort codes and the last four digits of customers’ card numbers.
The firm has apologised for inconvenience it caused to its customers and offered support through a devoted phone line.
“Wonga’s stock with the general public has never been particularly high, but this breach will see it fall even further. It is simply the latest name in a long list of data breach victims that will come to realise that the reputational impact of a breach is more damaging than anything the ICO can do to them, or the cybercriminals themselves for that matter.
“The stakes are so high that organisations need to treat cyber-attack not only as a threat, but as an inevitability. Organisations must therefore ensure that all customer data is encrypted, not just the passwords and card details, so that any stolen data is essentially worthless. Inadequately protecting customer data can create massive problems for enterprises and consumers alike. Reacting to an attack appropriately is vital; from isolating and identifying the origin, to taking stock of what has been stolen or affected and making sure those who have been put at risk are notified and protected as soon as possible. By the looks of it, Wonga’s customers were alerted in a timely manner and should be well informed enough to take action. This is all Wonga can do at this stage, but it’ll be interesting to see what happens next and how serious an attack this turns out to be.” -Marc Agnew, Vice President, ViaSat Europe
“Wonga’s data breach demonstrates the importance of setting up a firm set of internal controls to ensure that security measures are implemented and verified on a regular basis. The good news is they have discovered the breach, but they have not said when it first occurred so it may have been ongoing for some time. 100% security is impossible so how Wonga respond and the details they release will be telling about how good its security really is, and what kind of sanctions they could expect from the ICO.” - David Mytton, founder and CEO of Server Density, a server monitoring SaaS company