Payday loan outfit Wonga.com has warned its customers of a breach which it believes may have resulted in personal data from a quarter of a million users being accessed by parties unknown.
Founded by Errol Damelin in 2006, Wonga.com specialises in short-term loan facilities - often called 'payday loans' - for those unable to open a traditional line of credit. The company is best known for its arguably usurious rates of interest: Its equivalent annual rate (EAR) on a two-week loan sits at around 1,509 percent - a rate it excuses as being 'a poor measure
' of short-term loans' true costs but which has been the subject of considerable negative publicity and parliamentary discussion. In 2014 the company cemented its negative public position with a £2.6 million order for compensation from the Financial Conduct Authority (FCA), which had discovered the company had been sending debtors threatening letters from fictional law firms and charging them for the privilege. Since this practice was discontinued and stricter rules for the conduct of short-term loan companies introduced, the company's profits have been declining sharply.
Now, its customers have a reason other than the sky-high interest rates to complain: Wonga.com has accidentally spread their personal data far and wide. 'We believe there may have been illegal and unauthorised access to the personal data of some of our customers,
' the company explained in a short page
on what it has termed 'the incident'. 'We are urgently working to establish further details and contacting those who we know have been impacted. The information may have included one or more of the following: name, e-mail address, home address, phone number, the last four digits of your card number (but not the whole number) and/or your bank account number and sort code.
While only partial card details were included, knowledge of the last four digits plus the linked bank account details are enough to raise the concern that whatever money customers have left after paying their Wonga.com loans off may be at risk, with the company advising users to 'look out for any unusual activity across any bank accounts and online portals.
While Wonga.com has claimed to have found no evidence that passwords were compromised in the attack, using the incident as an opportunity to cycle to new passwords across linked services would not be an inadvisable move to make.