Data Breach at U.K. Payday Lender Exposes 270,000 People's Personal Information

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

The U.K. payday lender Wonga, which offers short-term loans at an APR of 1,509 percent, recently acknowledged that a data breach may have exposed the personal information of 245,000 customers in the U.K. and another 25,000 in Poland, BBC News reports.

The information potentially exposed includes names, email addresses, home addresses, phone numbers, bank account numbers, sort codes, and the last four digits of card numbers.

Wonga says it's still working to determine exactly what data was accessed, and it isn't saying how the breach occurred.

"We do not believe your Wonga account password was compromised and believe your account should be secure, however if you are concerned you should change your account password," Wonga said in a statement. "We also recommend that you look out for any unusual activity across any bank accounts and online portals."

University of Surrey cybersecurity expert Alan Woodward told the BBC the breach appears to be one of the biggest ever in the U.K. to expose financial information.

"Cyber attacks are, unfortunately, on the rise," Wonga stated. "While Wonga operates to the highest security standards, these illegal attacks are unfortunately increasingly sophisticated."

A recent Bitglass survey of more than 3,000 IT professionals found that 87 percent of organizations were victims of a cyber attack in the past year, and 86 percent believe another cyber attack in the next 12 months is likely.

One third of organizations were hacked more than five times, double the rate from 2014. Organizations averaged eight cyber attacks in the past 12 months.

Sixty-nine percent of respondents monitor the network perimeter for security risks, 66 percent monitor desktops for security risks, 61 percent monitor laptops, and just 36 percent monitor mobile devices. Only 24 percent monitor cloud apps for security risks.

When asked to rate their organization's overall security posture, respondents ranked the security of their servers and network perimeter the highest, and the security of desktops, laptops and mobile devices the lowest.

While 52 percent of organizations plan to increase their security budgets, 40 percent foresee no changes, and 8 percent expect their security spend to decline.

The leading security concern for 37 percent of respondents is phishing, followed by insider threats (33 percent) and malware (32 percent).

"In the coming year, as more organizations put their security budgets to work, expect to see much needed capabilities -- access controls, cloud DLP, encryption -- become widespread," the report states.