Personal Data Breach at Wonga

wonga logo at Compliance3.comwonga logo @compliance3.comwonga logo @compliance3.com

It’s been a bit quiet of late on the data breaches front, although the suspicion has to be that, while data breaches are continuing, they just haven’t yet been detected.

The Republic of Ireland’s Data Protection Commissioner – Helen Dixon – announced on April 11th that some 2,224 data security breaches were reported in 2016. That’s an average of more than six breaches reported per day, in a nation of just over four and a half million people.

Here in the UK, it was announced on April 9th, that the payday loan company Wonga had suffered “illegal and unauthorised access to the personal data of some of our customers”. It’s thought that the personal details of around 245,000 UK customers and 25,000 polish customers may have been compromised.

Wonga’s website (here)claims that they are “still working to establish the full details. However, we believe it may include one or more of the following: your name, e-mail address, home address, phone number, the last four digits of your card number (but not the whole number) and/or bank account details and sort code.”

The fact that full payment card details were not compromised means that Wonga will escape card scheme penalties under PCI DSS, but they are likely to face a hefty penalty from the UK Information Commissioner.

Talk Talk were fined a record £400,000 in 2015 for a data breach that affected almost 157,000 customers.

Under next year’s GDPR legislation – which is still coming, regardless of Brexit – the penalty would have been up to 4% of the previous year’s global turnover. That would amount to just over £3m – for a company that reported a pre tax loss of £80m for the same period.

In the meantime Wonga are asking customers to “…beware of scammers or unusual online activity. Be cautious of anyone who calls you and asks you to disclose any personal information regardless of where they say they are from. If this happens, we recommend that you hang up.

Is your company preparing for GDPR?

We can help, get in touch.