As posted on Wonga data breach could affect nearly 250,000 UK customers

Customers of payday loan firm Wonga are being warned that their personal data may have been stolen.

The lender said it was “urgently investigating illegal and unauthorised access to the personal data of some of its customers in the UK and Poland”. Up to 270,000 new and former customers, including 245,000 in the UK, could have been affected by the data breach, which was discovered on Friday.

The lender, which offers a three-month loan priced at 1,286% APR alongside its short-term 1,509% APR deal, said it started to contact borrowers on Saturday and was offering support via a dedicated phone line. Customers have received a message from the payday lender telling them: “We believe there may have been illegal and unauthorised access to some of your personal data on your Wonga.com account.”

The message said that the firm was working to establish the full details but data breached “may have included one or more of the following: name, email address, home address, phone number, the last four digits of your card number (but not the whole number) and/or your bank account number and sort code.”

It went on to say that the lender believed Wonga accounts had not been compromised, but customers were advised to look out for unusual activity across their accounts. In a statement the firm said: “We are working closely with authorities and we are in the process of informing affected customers. We sincerely apologise for the inconvenience caused.”

The breach will be a blow to Wonga, which has in recent years attempted to improve its reputation following a series of controversies. The lender, which advertised heavily on TV and through football sponsorships, was found by the financial regulator to have made loans to customers who could not afford to repay them, and to have chased bad debts with letters from a fake law firm.

The most recent results from the firm showed that following the introduction of tougher rules on lending the firm made a pre-tax loss of £80.2m in 2015, up from £38.1m the year before.

There was no sign of the breach on the lender’s website, which carried its usual information on how to apply for its loans.

On Twitter, customers were expressing concern about the breach and complaining that they were struggling to get onto Wonga’s website to change their account passwords. One tweeted the @OfficialWonga feed to say: “Received an email that my details may have been hacked. Please can you tell me if this is real? Been on hold for ages.”