Another day, another potential download of private financial data into hackers’ hands. This time it’s UK payday loan company Wonga.com investigating a breach that could affect 270,000 customers.
If confirmed, the unauthorized access to Wonga’s records could be one of the UK’s largest financial data breaches. The total may also include 25,000 of Wonga’s customers in Poland, and former customers who no longer use its services.
According to the BBC, this includes names, addresses, phone numbers, bank account numbers and sort codes. It may also include records of the final four numbers of customers’ bank cards, often used for logins.
Wonga Website Was ‘Extremely Secure’
The company attempted to reassure its customers with the following message:
“We are urgently working to establish further details and contacting those who we know have been impacted. The information may have included one or more of the following: name, e-mail address, home address, phone number, the last four digits of your card number (but not the whole number) and/or your bank account number and sort code.”
“We do not believe your Wonga account password was compromised and believe your account should be secure, however if you are concerned you should change your account password. We also recommend that you look out for any unusual activity across any bank accounts and online portals.”
IT security writer Graham Cluley noted Wonga had previously claimed its website was “extremely secure”. It used SSL, encrypted storage and firewalls among other security measures to protect its users, the company said.
War-weary consumers are starting to accept the fact that data breaches are a regular occurrence, and wonder if they can ever be prevented completely. Changing passwords is a minor inconvenience, but a potential hack of all credit card and bank account information is more concerning.
Using bitcoin (where possible) is one way to avoid unnecessarily exposing your full identity and account balance to hackers. However even this wouldn’t help at regulated financial services providers, who by law and practicality need to know who they’re doing business with.
Controversial Short-Term Lender
Wonga.com, whose name comes from a British slang word for “money”, is a short-term-high-interest lender, or “payday loan” provider. It uses an algorithm to assess credit risk and its customers can apply for loans online using mobile apps. It serves customers in the UK, Poland, Germany, Spain and South Africa.
Like many payday loan companies around the world, Wonga’s activities are controversial. Regulators, religious bodies and the media have criticized their high interest rates and aggressive debt collection practices.
In their defense, payday loan companies say they’re serving a market that would otherwise have no access to credit to purchase often-essential items. Their fees and debt-collection activities are necessary in a higher-risk lending landscape.
The Guardian wrote that Wonga frequently runs at a loss anyway, and that losses grew from £38.1m to £80.2m per year in 2015. It said this was due to the UK’s Financial Conduct Authority (FCA) taking over regulation of the payday loans industry and introducing tighter restrictions at the start of 2015.
The company had previously said it had refined its services and processes, and expected to be profitable again in 2017. Whether or not demand for its products remains constant after this week’s data breach is still uncertain.
Are consumers helpless in a world where all personal data is online? Let us know your opinion in the comments.
Images via Pixabay, Wonga.com