Robert O’Brien, CEO of global Information Security and Compliance software provider MetaCompliance, said the possible breach involving 245,000 UK customers puts some of the most financially vulnerable in society in the “direct firing line” of international cyber criminals.
“In the most conservative of estimates, at least 10 per cent of people whose details are compromised end up being scammed out of money.
“In the case of Wonga, that’s almost 25,000 UK customers losing out to thieves. Given the vulnerable financial positions of many who use payday loan services, there is the added fear of victims being blackmailed with the threat of releasing information on their private debts,” he said.
Mr O’Brien added: “The coupling of huge breaches such as this one with phishing scams represents a deadly mix. The biggest mistake is when people think it will never affect them. The truth is that as soon as personal details fall into the wrong hands, the crime spree into our homes can begin. In many cases the victims are completely unsuspecting - at a glance many phishing emails look like they have come from a known and respected source.
“A breach such as the one experienced at Wonga means that many thousands of names and personal details end up in criminal contact lists. This happens not just once but multiple times, leaving the victims open to multiple scams operating by criminals in different countries around the world.”
Mr O’Brien explained the process following a data breach by hackers.
“All of the data compromised will be sold on the dark web and the next step will be criminals hitting people’s inboxes with phishing emails.
“A large number of people will click on the mail, causing the malware to be downloaded. Initially nothing happens but the next time the target logs into an account their passwords are recorded. It’s then that teams of cyber criminals can start cleaning out accounts and stealing from the victims.
The online lender said it was “urgently investigating illegal and unauthorised access” to the personal data of some of its customers in the UK and Poland. It is understood that the breach could affect up to 270,000 current and former customers, including 245,000 in the UK.