Payday lender Wonga is the latest financial services company to be hit by a reported data breach. Reports suggest that up to 250,000 customers may have been affected, with stolen data including names, addresses, bank account numbers and sort codes.
Wonga appears to have moved very quickly to inform customers. They claim only to have confirmed the data breach on Friday, and began informing their customers on Saturday by email and text. Wonga says that users’ loan accounts are secure and no action needs to be taken, but they have warned customers to look out for cold calls or emails asking for personal information. They are also suggesting that customers change their online passwords.
Wonga is the latest in a string of UK companies to suffer a major security breach, including Tesco Bank, Lloyds and TalkTalk. The breach is believed to be one of the biggest involving financial information to have hit a UK company.
The rapid response from Wonga highlights the pressure that companies are now under to act quickly to inform and safeguard customers. This pressure is a combination of regulatory requirements, the need to protect themselves from compensation claims by customers and the need to protect their reputation against the inevitable damage of negative publicity.
According to the latest report from IBM Security, the average cost of a data breach hit $4 million in 2016, representing a 29% increase since 2013. That’s approximately $158 for every lost or stolen record. This means that the cost to Wonga of their data breach could top $40 million.
Wonga’s rapid response could save them some of this cost. According to the IBM report the average time to identify a breach in the study was 201 days, and the average time to contain a breach was 70 days. This is quite staggering.
The quicker that a company can discover and respond to a data breach the less costly it is likely to be for them in terms of finance, customers and reputation. This is why it is essential that every company handling personal data, especially sensitive personal data such as customer bank details, had leading edge monitoring solutions in place to identify and mediate cyber breaches as rapidly as possible.
Sonny Sehgal
Head of Cyber Security
