bit-tech.net

Wonga.com loses 250,000 customers' data in major breach

Wonga.com loses 250,000 customers' data in major breach

Errol Damelin's short-term loan company Wonga.com has been hit by a major data breach, with personal data - including bank account details - for a quarter of a million customers having been accessed.

Payday loan outfit Wonga.com has warned its customers of a breach which it believes may have resulted in personal data from a quarter of a million users being accessed by parties unknown.

Founded by Errol Damelin in 2006, Wonga.com specialises in short-term loan facilities - often called 'payday loans' - for those unable to open a traditional line of credit. The company is best known for its arguably usurious rates of interest: Its equivalent annual rate (EAR) on a two-week loan sits at around 1,509 percent - a rate it excuses as being 'a poor measure' of short-term loans' true costs but which has been the subject of considerable negative publicity and parliamentary discussion. In 2014 the company cemented its negative public position with a £2.6 million order for compensation from the Financial Conduct Authority (FCA), which had discovered the company had been sending debtors threatening letters from fictional law firms and charging them for the privilege. Since this practice was discontinued and stricter rules for the conduct of short-term loan companies introduced, the company's profits have been declining sharply.

Now, its customers have a reason other than the sky-high interest rates to complain: Wonga.com has accidentally spread their personal data far and wide. 'We believe there may have been illegal and unauthorised access to the personal data of some of our customers,' the company explained in a short page on what it has termed 'the incident'. 'We are urgently working to establish further details and contacting those who we know have been impacted. The information may have included one or more of the following: name, e-mail address, home address, phone number, the last four digits of your card number (but not the whole number) and/or your bank account number and sort code.'

While only partial card details were included, knowledge of the last four digits plus the linked bank account details are enough to raise the concern that whatever money customers have left after paying their Wonga.com loans off may be at risk, with the company advising users to 'look out for any unusual activity across any bank accounts and online portals.'

While Wonga.com has claimed to have found no evidence that passwords were compromised in the attack, using the incident as an opportunity to cycle to new passwords across linked services would not be an inadvisable move to make.

6 Comments

Discuss in the forums Reply
Cthippo 12th April 2017, 07:13 Quote
Why would you want the personal information of payday loan users? By definition they have no money and no credit!
MeMo 13th April 2017, 03:25 Quote
I call BS!!!!
Sterkenburg 18th April 2017, 15:02 Quote
Quote:
Originally Posted by Cthippo
Why would you want the personal information of payday loan users? By definition they have no money and no credit!

Companies in this industry are especially targeted because they tend to be more lax on security, but a buyer of stolen identities doesn't know or doesn't always care that these users have particularly bad credit.
MeMo 18th April 2017, 20:20 Quote
Quote:
Originally Posted by Sterkenburg
Companies in this industry are especially targeted because they tend to be more lax on security, but a buyer of stolen identities doesn't know or doesn't always care that these users have particularly bad credit.

That is true!
wolfticket 19th April 2017, 03:47 Quote
Quote:
Originally Posted by Cthippo
Why would you want the personal information of payday loan users? By definition they have no money and no credit!
If you were to be potentially a little unkind I guess one could argue having previously borrowed money from Wonga.com makes you the perfect target for a phishing attack.
Cthippo 20th April 2017, 09:33 Quote
Quote:
Originally Posted by wolfticket
If you were to be potentially a little unkind I guess one could argue having previously borrowed money from Wonga.com makes you the perfect target for a phishing attack.

On the one hand, having the personal info on a bunch of poor people is of questionable value.

On the other hand, the personal details of a bunch of, gullible at best, people is worth it's mass in gold.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums