Wonga whacked in security crack compromising 270,000 customers' financial details

245,000 UK Wonga customers at risk, along with 25,000 customers in Poland

Payday loans company Wonga has warned about a security breach that has compromised customers' financial information.

The company says that up to 245,000 current and former customers in the UK could be affected, as well as a further 25,000 in Poland.

As well as the usual email address and phone number theft, Wonga has admitted that the information stolen in the breach could include customers' bank account numbers and sort codes, along with the last four digits of their credit card number.

"We will be alerting financial institutions about this issue and any individuals impacted as soon as possible, but we recommend that you also contact your bank and ask them to look out for any suspicious activity," Wonga advises in a statement on its website.

There's some good news: Wonga said that accounts and passwords had not been compromised, but advised that customers look out for unusual activity across their accounts.

The firm said it knew that something fishy was going on last Tuesday, but did not become aware of a data breach until Friday. It started making customers aware on Saturday via email and text message.

Those caught up in the breach will receive a message that reads: "We believe there may have been illegal and unauthorised access to some of your personal data on your Wonga.com account."

A Wonga spokesperson said in a statement: "Wonga is urgently investigating illegal and unauthorised access to the personal data of some of its customers in the UK and Poland.

"We are working closely with authorities and we are in the process of informing affected customers. We sincerely apologise for the inconvenience caused."

Wonga will likely be feeling even more sorry for itself once the Information Commissioner's Office (ICO) catches wind of the situation, as it could be fined by the UK watchdog if it finds that the firm's security measures were inadequate.

Last year, for example, UK ISP TalkTalk was hit with a maximum £400,000 for failing to prevent a breach of its systems in October 2015 in which roughly 157,000 customers' data was accessed.

An ICO spokesperson told Computing: "All organisations have a responsibility to keep customers' personal information secure. Where we find this has not happened, we can investigate and may take enforcement action."

Join Computing in London on 4 May for the Cyber Security Strategy Briefing 2017 for the Financial Sector.

Speakers include Adam Koleda, IT director of insurance firm BPL Global; Peter Agathangelou, associate director of Hamilton Fraser Insurance; and, Dr Kuan Hon, consultant lawyer at law firm Pinsent Masons.

Attendance is free to qualifying IT professionals and IT leaders - register now!