Payday lender Wonga issued a warning to its customers in the wake of a massive data breach.
The company notified roughly 270,000 of its customers — more than 240,000 in the U.K. and another 25,000 in Poland — that their information may be at risk after a data breach that was discovered last week. However, the company said it did not realize customer information was potentially exposed by the breach until days later.
“Wonga is urgently investigating illegal and unauthorized access to the personal data of some of its customers in the U.K. and Poland. We are working closely with authorities, and we are in the process of informing affected customers. We sincerely apologize for the inconvenience caused,” a spokesperson for the company told TechCrunch.
In a statement on its website, the company confirmed that it doesn’t believe customers’ Wonga account passwords were compromised in the breach, but it does suggest that if a user has concerns, they should reset their password.
Wonga also identified the security precautions its customers should take, which include alerting their banks and staying vigilant about unusual account activity.
For now, the company has not provided any additional details about the breach itself or how it was compromised.
The notification process for data breaches will soon be a hot topic, as the EU looks to push through the revised Data Protection directive in May 2018. Once enforced, the new rules will require companies to inform data protection authorities of breaches involving financial information within 72 hours. Failure to comply with the directive could cost a company up to €10 million — or 2 percent of its global turnover in fines.