Cyber Incident Victim: 118 118 Money
Date:
Mar 2020
Location:
United Kingdom
Summary
A financial division of a UK directory enquiry service parent company experienced unauthorized system access, prompting an immediate shutdown of its network and website to investigate the breach. Customers were notified of the incident, though the extent of data compromise remained unclear during the ongoing probe. Operational impacts included suspended new loan and credit card applications while existing credit card functionality continued unaffected. The affected entity, specializing in high-interest personal loans and subscription-fee credit cards targeting borrowers with low credit scores, maintained customer support via limited channels amid heightened call volumes. The website remained offline for multiple days as the parent organization worked to restore services without confirming specific attack methods or data exposure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around March 23, 2020, 118 118 Money, a UK-based personal loans and credit card provider owned by US parent company kgb, detected unauthorized access to its systems. The company responded by temporarily taking its network offline to investigate the intrusion, which also resulted in the shutdown of its website. Customers were notified via letter on March 23, though the communication did not specify when the breach was discovered, how attackers gained entry, or whether any data was exfiltrated. The company acknowledged the incident disrupted normal operations but assured existing credit card holders they could continue using their cards. New applications for loans and credit cards were suspended indefinitely during the outage. Customers were directed to use a chat function embedded in the notification email or call a dedicated helpline, though the company warned of extended wait times due to high call volume. Operating hours for customer support were reduced to 11am–5pm during the investigation. The website remained inaccessible for at least two consecutive days following the initial detection.

118 118 Money, operating under parent firm Madison CF UK Ltd, specialized in high-interest personal loans (£1,000–£5,000 at 36–80% APR) and subscription-fee-based credit cards targeting borrowers with low credit scores. The credit card division, launched in 2018, required a minimum annual income of £8,400 and charged monthly fees instead of interest. At the time of the breach, the company was financially struggling, reporting a £6.57m comprehensive loss for 2018 despite £62.929m in interest income. The intrusion occurred amid broader cybersecurity concerns highlighted by external experts, who noted a trend of ransomware attackers both encrypting systems and stealing data for dual extortion tactics. While 118 118 Money did not confirm ransomware involvement or data compromise, its containment actions focused on isolating systems and restoring operations. Customer communications emphasized operational continuity for existing accounts but deferred new business until the investigation concluded. The incident disrupted core services while exposing vulnerabilities in a business already facing financial challenges from prior years’ losses.
