Cyber Incident Victim: Wonga

The Wonga data breach occurred between April 4 and April 7, 2017, when attackers gained unauthorized access to customer data across the company's UK and Polish operations. The payday lender first detected unusual activity on Tuesday, April 4, but initially did not recognize the incident as a data breach. By Friday, April 7, Wonga confirmed that personal information from approximately 270,000 customers had been compromised - affecting 245,000 UK customers (representing 25% of its British client base) and 25,000 Polish customers. The stolen data included sensitive financial details such as bank account numbers, sort codes, physical addresses, and the last four digits of payment cards. While Wonga stated customer accounts remained secure, the breach exposed sufficient information to enable potential financial fraud targeting affected individuals.

Wonga notified both UK and Polish authorities, including the Information Commissioner's Office and law enforcement agencies, following confirmation of the breach. The company advised customers to monitor their accounts for unusual activity but asserted no immediate protective actions were required beyond vigilance. This incident occurred against the backdrop of Wonga's controversial industry reputation, with the lender having previously compensated 45,000 UK customers £2.6 million in 2014 for regulatory violations. The breach represented a significant security failure for the company, exposing nearly a quarter-million UK customers to potential identity theft and financial fraud risks through the compromise of banking identifiers and personal information. No technical details regarding attack vectors or remediation measures were disclosed beyond the confirmation of unauthorized access and ongoing investigation.