Mishcon de Reya Cyber security Lead Joe Hancock, comments on the Wonga data breach this weekend, which affects around 245,000 customers in the UK and 25,000 in Poland.
"In other data breaches to date, mainly e-mail addresses and passwords have been lost, however on this occasion a variety of information - including bank account details, names and addresses - has been breached, making this more serious. The more personal and confidential the data, the greater the implications for consumers, especially when related to sensitive areas such as loans.
"This is added to the fact Wonga operates in an industry which has previously attracted negative media attention. It is therefore particularly important for other businesses in this space to be alive to the fact that a breach of this nature has the potential to impact them even more than other sectors. Such scandals can be fatal for a company's reputation and can even threaten to bring it down completely.
"The loss of data of Polish citizens in this instance shows that British companies need to ensure they are paying close attention to European data protection regulations, and start preparing for when the General Data Protection Regulation (GDPR) comes in to force in May next year.
"Notifying customers, as Wonga did, is the right thing to do and soon to be a regulatory requirement, however the messaging is very important. In this case, the notification appears to have been written to minimise Wonga's liability - it does not deal with the bank account information lost, and instead focuses on credit card information which was not fully exposed in the breach. Strong warnings to monitor suspicious activity seem out of place with denials that loan accounts have been accessed, meaning the breach may turn out to be more severe than expected."
To read the full article click here.