The payday loan firm Wonga has suffered a data breach which may have affected up to 245,000 customers in the UK.

The information stolen includes names, addresses, phone numbers, bank account numbers and sort codes.

The firm said it was “urgently investigating illegal and unauthorised access to the personal data of some of its customers”.

The firm said it began contacting borrowers on Saturday and was offering support through a dedicated phone line.

Prof Alan Woodward, a cyber-security expert at the University of Surrey, said it was “looking like one of the biggest” data breaches in the UK involving financial information.

The range of information stolen may also include the last four digits of customers’ bank cards – information used by some banks as part of the login process for online accounts.

What should Wonga customers do?

The payday lender has set up a help page for affected customers. It advises them to:

• Alert their bank and ask them to look out for any suspicious activity. Wonga will also be informing financial institutions about the breach.
• Watch out for scammers or unusual online activity. In particular, customers are told to be cautious about cold calls and emails asking for personal information
• Change the password you use for your Wonga account immediately.
• If the password you’ve used for the compromised account is being used elsewhere, change it immediately.
• Criminals can use personal data obtained from a data breach to commit identity fraud. Consider using credit reference agencies such as Experian or Equifax, to monitor your credit file for any unusual activity.
• Contact the Wonga helpline on 0207 138 8330 for further questions.

Prof Woodward said the combination of names, addresses, sort codes and last four digits of bank cards was “particularly worrying” for customers.

Be vigilant

In a statement, the firm said: “We are working closely with authorities and we are in the process of informing affected customers. We sincerely apologise for the inconvenience caused.”

Wonga said it did not believe the attackers had gained access to users’ loan accounts, but warned them to be vigilant.

The lender, which provides short-term loans, said it had became aware of the breach last week but at that time thought no data was involved.

However, by Friday it realised the attacks were more serious and started informing customers on Saturday by email and text.

For more information about our work, please visit www.safeinwarwickshire.com/cybercrime

Cyber Aware is a cross-government campaign, funded by the National Cyber Security Programme. They aim to measurably and significantly improve the online safety behaviour and confidence of consumers and small businesses (SMEs).

Get Safe Online is the UK’s leading source of factual and easy-to-understand information on online safety. Their website offers advice on how you can protect yourself, your computers and devices, and your business against the likes of fraud, identity theft, viruses and other potential online problems.