Information Security Buzz
WONGA: Response Needed To Protect Longevity Of Company

By ISBuzz Team, April 11, 2017 (Updated: April 11, 2017)

Following the news that Wonga, the payday lender, has experienced a data breach that may affect up to ‘245,000 UK customers’, IT security experts from SailPoint, McAfee, ViaSat Europe, Tenable Network Security, ESET, Micro Focus, Netskope and F5 Networks commented below.

Kevin Cunningham, President & Co-Founder at SailPoint:

“This data breach from Wonga shows that incidents are an everyday occurrence that businesses must counteract or risk a significant impact to their bottom-line as well as customer loyalty.

“Businesses house more and more sensitive data, therefore everyone from the executive level down needs to ensure there is a collaborative effort from internal staff to protect sensitive customer information and ultimately, the health and longevity of the company.

“In today’s market, it’s a matter of when, not if, a data breach will happen. So the most important factors are prevention, education, and rapid response. When a breach does happen, it’s important to quickly find out how and why it occurred, assess the damage and required response, and put IT controls in place to address future attacks. This is where identity and access management solutions can help, because they can address the immediate pain while also identifying – and mitigating – other areas of exposure.”

Raj Samani, Chief Scientist at McAfee:

“Users of Wonga should be extra vigilant right now and be cautious about incoming requests via phone or email. Our 2016 Data Protection Benchmark Study found there are around 21-30 data loss incidents per day across the UK’s financial services industry. Criminals can exploit the data they’ve stolen to contact customers directly, build trust and ultimately profit from the knowledge they have to hand.

“As the financial services industry becomes increasingly digital, corporations need to consider increasingly digital security solutions, such as artificial intelligence and machine learning. This will help protect against current cybercrime tools and tactics, while empowering the financial services industry to detect the next wave of cybercrime – based on intricate analysis of cybercriminals’ behaviour – and remediate these threats as soon as they launch.

“But this can’t operate in silo. The whole industry needs to be thinking about how they evolve to share intelligence. Security is not a competition point.”

Marc Agnew, Vice President at ViaSat Europe:

“Wonga’s stock with the general public has never been particularly high, but this breach will see it fall even further. It is simply the latest name in a long list of data breach victims that will come to realise that the reputational impact of a breach is more damaging than anything the ICO can do to them, or the cybercriminals themselves for that matter.

“The stakes are so high that organisations need to treat cyber-attack not only as a threat, but as an inevitability. Organisations must therefore ensure that all customer data is encrypted, not just the passwords and card details, so that any stolen data is essentially worthless. Inadequately protecting customer data can create massive problems for enterprises and consumers alike. Reacting to an attack appropriately is vital; from isolating and identifying the origin, to taking stock of what has been stolen or affected and making sure those who have been put at risk are notified and protected as soon as possible. By the looks of it, Wonga’s customers were alerted in a timely manner and should be well informed enough to take action. This is all Wonga can do at this stage, but it’ll be interesting to see what happens next and how serious an attack this turns out to be.”

Gavin Millard, Technical Director EMEA at Tenable Network Security:

“Whilst Wonga’s post breach FAQ states they ‘don’t believe your wonga account password was compromised’, I would strongly advise changing this password wherever it has been reused.

“A favorite trick by scam artists is to use the data swiped to build up trust and credibility with a target to then request further information they don’t have, so customers should be extra careful dealing with unsolicited calls irrelevant of who they claim to be.”

Mark James, Security Specialist at ESET:

“Malware is being written, modified and adapted to do all sorts of tasks – some breaches are opportunistic and it may just be a lucky hit from malware doing the rounds or it may be the result of a targeted attack through a sophisticated phishing scam designed to gain access to internal systems and wreak havoc from inside.

“If we want to use services supplied by others – whether it’s watching a film or borrowing money, we have to trust the company involved. We give them our details, they tell us how they value us as a customer and we get the goods. What more can we do? In theory, nothing – we just have to take them at their word as we have no direct control over how they store our data, what measures are in place to protect our data if it should end up in the wrong hands. All data has a value and the most common data found on the internet is usually the data we cannot change: names, dates of birth, addresses and phone numbers, all of which can be used to phish for more data or attempt identity fraud or theft. Our financial records of course are a little different as this data can be used to directly target your money. If enough data is obtained it may be possible to steal funds directly from your account or in some cases make changes to your account that could enable the attacker to pretty much do as they please. Of course in most cases we can get the money back but it’s the inconvenience of having cards and accounts changed or even frozen while that’s happening.

“If you find yourself concerned or even the victim of a data breach you should contact your bank immediately. Change any passwords for internet or mobile banking and be extra careful when contacted via email, or indeed any kind of messaging process and ensure that you validate who you are talking to. If you’re not 100% sure of the person you’re talking to, be polite, hang up and contact them yourself through an alternate method (if possible in person). Your banks understand the pressure of scammers and they want you to be safe so you should not be penalised for taking extra precautions and in most cases they should encourage it.”

David Mount, Director, Security Solutions Consulting EMEA at Micro Focus:

“This latest data breach from Wonga – potentially one of the largest data breaches in the UK involving financial information – once again raises the question of how large organisations are protecting our personal data. Various personal details are thought to have been stolen including sort codes and account numbers, leaving many thousands concerned that the cyber attackers will be targeting their bank accounts next.

“While there is a perception that cyberattacks are perpetrated by a teenage lone wolf in their bedroom, the reality couldn’t be further from the truth. Organised cybercrime is more profitable than the drugs trade and has far less risk for the perpetrators, who have become adept at sharing information amongst themselves. To make life harder for these cybercriminals, organisations must recognise the threat of sophisticated attacks today – and work together to keep cyber attackers at bay.

“Businesses should be collaborating around the early indicators of compromise in order to understand the known mitigation path. While attacks can be targeted to specific organisations, finding an indicator of compromise is always the first step. Once Wonga has established further details on how the breach occurred, the company should share this key data with the relevant authorities. Criminal gangs are trying to industrialise the process, so they’re looking for certain types of systems and searching for places to replicate a specific attack. This means the same tactics can be repeated hundreds of times – and the Wonga attack could be repeated elsewhere, leaving thousands of further accounts vulnerable to theft.”

André Stewart, VP EMEA at Netskope:

“The news that Wonga has been hit with a cyber-attack will have left thousands of UK customers wondering if their personal data was included in the hoard of sensitive information stolen by cyber thieves. Customers’ bank account numbers, sort codes, addresses and even the last four digits of users’ bank cards are thought to have been stolen. While the organisation has stated that affected customers are unlikely to be at risk of theft, the fact remains that private personal information was compromised – posing a risk to customers.

“Data loss prevention needs to be a key priority for all businesses. Ignoring or downplaying increasingly sophisticated cyber threats is not an option. The EU General Data Protection Regulation (GDPR) – set to come into effect in just over a year – will hold organisations accountable for their data practices. As a result, companies will be forced to take active measures to mitigate any threats to personal privacy, whether that data is stored on-premises or in the cloud. Any companies falling short of these standards could face hefty fines.

“Alongside demonstrating that they have coached employees on the GDPR and secure data handling, employers will also need to provide staff with the tools to do their jobs securely without sacrificing ease and convenience. Ensuring the secure use of cloud services will be a fundamental piece of the compliance puzzle. Remaining vigilant to any unusual user behaviour and implementing technology such as DLP tools can ensure businesses are able to keep a close eye on particularly sensitive data, such as personally identifiable information (PII) of the type stolen in this latest hack. This will be the key to not only preserving customers’ privacy but also achieving GDPR compliance.”

Paul Dignan, Senior Systems Engineer at F5 Networks:

“The growing volume of encrypted traffic and high bandwidth of cloud services is making today’s security solutions work harder than ever to detect threats and reduce data leakage. Thus, businesses need to take an approach of ‘embracing the attacks’ to build a more robust architecture. Accepting the fact that hackers will attempt to access your data at any level where it is exposed is part of tackling the problem, starting from the endpoint itself. The application is where the cybercriminal sees the prize and for hackers, data means dollars.

“A successful security strategy protects organisations’ most critical assets, identities and applications by authenticating and authorising the right people to the right data and making sure distinction is made between legitimate access, human access and malicious attempts – whether crafted by bots or malware. Implementing a zero-trust model represents a fundamental change in security management and requires a comprehensive, integrated plan to transition the business to be effective with its cyber risk strategy.”


The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
