Wonga Data Breach Compromised around 270,000 Customer’s Personal Information

Media Division | April 10, 2017

Cyber attacker’s targets can vary quite widely, but financial institutions can be extremely high-value targets for them.  Due to the large amount of funds and personal customer data that they can hold, they become a treasure trove of illicit gains for hackers.  Some attackers may not even go directly for the funds of these organizations, but rather right for the customer data, being that it can be used for a wide variety of malicious purposes, including fraud and identity theft. This appears to be the case in a recent large data breach of Wonga, a payday lending organization.

Information Affected in the Breach

It appears that around 270,000 customer’s information was affected in the large breach, with 245,000 of those being in the UK, and the remaining 25,000 residing in Poland.  The information affected in the breach included names, addresses, email addresses, phone numbers, bank account numbers, sort codes, and potentially the last four digits of their bank cards.  Wonga had apparently first become aware of the breach last week but did not believe any data to be affected. But by Friday, they had realized that the breach was more serious than was previously thought, and they then began contacting affected customers on Saturday via email and text.

Wonga’s approach to the breach has appeared to be somewhat unclear.  Their incident FAQ displays conflicting information, stating that they believe accounts are secure and no action is needed, but then warns customers to look for an unusual activity on their accounts.  The FAQ and the letter sent to affected customers both state, “Exercise vigilance: Beware of scammers or unusual online activity. Be cautious of anyone who calls you and asks you to disclose any personal information regardless of where they say they are from. If this happens, we recommend that you hang up.”  It is unclear if these conflicting statements are simply to make the breach seem less, or perhaps the first statement was from before they realized the severity.  It does not appear that Wonga has released any data in regard to the origin or methods of the attack.

Obviously, no time is good for a cyber attack, but this comes at a particularly bad time for Wonga.  They were already working to come back from a series of scandals, including one in which they were using fake law firm letters to chase up debts.  A data breach can be extremely crippling to an organization as it is, and more so when they are already under the spotlight.  At this time, it appears that Wonga is putting in a somewhat half-hearted attempt to address the breach and the concern of customers.

The Purpose of Data Breach Solutions

As mentioned above, a data breach can be extremely crippling to an organization, and the reality is that they can cause an organization to crumble if not properly mitigated.  A data breach needs to be addressed through a series of steps, including handling the immediate security, as well as PR factors.  There is, of course, the immediate issue of the informational loss, but there is also the impact upon reputation and customer trust, which can do long-term damage.  An organization must display that they are applying proper data breach solutions to the incident to help build back the trust of their customers.  Massive Alliance’s wide array of data breach solutions can assist an organization in properly handling an incident and rebuilding from the damage.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.