Loans company Wonga has admitted a security breach that has compromised the personal financial data of 270,000 customers - 245,000 in the UK and 25,000 in Poland
As well as the usual email address and phone number theft, Wonga has admitted that the information stolen in the breach may even include customers' bank account numbers and sort codes, along with the last four digits of their credit and debit card numbers.
"We will be alerting financial institutions about this issue and any individuals impacted as soon as possible, but we recommend that you also contact your bank and ask them to look out for any suspicious activity," Wonga advises in a statement on its website.
There's some good news: Wonga said that accounts and passwords had not been compromised, but advised that customers look out for unusual activity across their accounts.
The firm said it knew that something fishy was going on last Tuesday, but did not become aware of a data breach until Friday. It started making customers aware on Saturday via email and text message.
Those caught up in the breach will receive a message that reads: "We believe there may have been illegal and unauthorised access to some of your personal data on your Wonga.com account."
A Wonga spokesperson said in a statement: "Wonga is urgently investigating illegal and unauthorised access to the personal data of some of its customers in the UK and Poland.
"We are working closely with authorities and we are in the process of informing affected customers. We sincerely apologise for the inconvenience caused."
Wonga will likely be feeling even more sorry for itself once the Information Commissioner's Office (ICO) catches wind of the situation, as it could be fined by the UK watchdog if it finds that the firm's security measures were inadequate.
Last year, for example, UK ISP TalkTalk was hit with a maximum £400,000 for failing to prevent a breach of its systems in October 2015 in which roughly 157,000 customers' data was accessed.
An ICO spokesperson told V3: "All organisations have a responsibility to keep customers' personal information secure. Where we find this has not happened, we can investigate and may take enforcement action."
Join Computing in London on 4 May for the Cyber Security Strategy Briefing 2017 for the Financial Sector.
Speakers include Adam Koleda, IT director of insurance firm BPL Global; Peter Agathangelou, associate director of Hamilton Fraser Insurance; and, Dr Kuan Hon, consultant lawyer at law firm Pinsent Masons.
Attendance is free to qualifying IT professionals and IT leaders - register now!
Infected apps have been downloaded more than 50 million times
Customers of regular price-raising ISP and cable operator claim nationwide outages started on Monday
Pixel 2 smartphones and a Pixel-branded laptop also planned by Google
The moment you've all been waiting for...