Attacks/Breaches

4/11/2017
09:45 AM
50%
50%

UK Loan Firm Wonga Suffers Financial Data Breach

Customers in the UK and Poland may have had their bank account details compromised.

British payday loan company Wonga has admitted to suffering a data breach affecting 245,000 customers in the UK and probably 25,000 in Poland, BBC News reports. The company is investigating what is "looking like one of the biggest" data breaches in the country involving financial data.

What could be a serious issue in the Wonga breach is the likely theft of customer bank account details including sort codes and the last four digits of bank cards. Earlier major hacking incidents in the country, like those linked to Talk Talk and Yahoo, did not involve financial data.

Information Commissioner's Office has said "All organizations have a responsibility to keep customers' personal information secure. Where we find this has not happened, we can investigate and may take enforcement action."

The company does not think its loan account database has been compromised, but nevertheless asked customers to be alert. It has set up a helpline and help page for those affected.

Read more on BBC News.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
4/11/2017 | 3:21:10 PM
help page for those affected
In situations such as these the company should be liable for provided anti-fraud services. Potentially baked into cyber insurance, the peace of mind and brand reputation that the company would lose would be reduced based off the previous event of a breach.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: White Privelege Day
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-6504
PUBLISHED: 2018-09-20
A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF).
CVE-2018-6505
PUBLISHED: 2018-09-20
A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads.
CVE-2018-14796
PUBLISHED: 2018-09-20
Tec4Data SmartCooler, all versions prior to firmware 180806, the device responds to a remote unauthenticated reboot command that may be used to perform a denial of service attack.
CVE-2018-14821
PUBLISHED: 2018-09-20
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to r...
CVE-2018-14827
PUBLISHED: 2018-09-20
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.