The payday loan firm Wonga is the latest organisation to suffer a major data breach, affecting over two hundred thousand customers.
On top of this, a further 25,000 customers in Poland might have also been affected.
The information stolen includes names, addresses, phone numbers, bank account numbers and sort codes. Having these financial details stolen is typically unusual when comparing to other data breaches seen in recent times, most notably Talk Talk’s.
The range of information stolen may also include the last four digits of customers’ bank cards, which is used by some banks in the account authorisation process.
>See also: 7 key lessons from TalkTalk’s data breach
Professor Alan Woodward, a cyber security expert at the University of Surrey, said it was “looking like one of the biggest” data breaches in the UK involving financial information.
In a statement the firm said it was “urgently investigating illegal and unauthorised access to the personal data of some of its customers”. And on Saturday it began contacting borrowers and was offering support via a dedicated phone line.
The lender identified the breach last week, but did not think data had been stolen. On Friday, however, it realised the situation was more serious that thought and began contacting customers.
Wonga doesn’t believe the cyber attackers had gained access to customer’s accounts, but it is advisable for customers to change accounts.
>See also: Five keys to preparing for a data breach
Kevin Cunningham, president & co-founder at SailPoint, said “this data breach from Wonga shows that incidents are an everyday occurrence that businesses must counteract or risk a significant impact to their bottom-line as well as customer loyalty.”
“Businesses house more and more sensitive data, therefore everyone from the executive level down needs to ensure there is a collaborative effort from internal staff to protect sensitive customer information and ultimately, the health and longevity of the company.
“In today’s market, it’s a matter of when, not if, a data breach will happen. So the most important factors are prevention, education, and rapid response. When a breach does happen, it’s important to quickly find out how and why it occurred, assess the damage and required response, and put IT controls in place to address future attacks. This is where identity and access management solutions can help, because they can address the immediate pain while also identifying – and mitigating – other areas of exposure.”