Payday lender Wonga has warned nearly a quarter of a million customers that they may have been affected by a data breach.
The stolen data includes names, addresses bank account numbers and sort codes.
The lender, which provides short-term loans, said it is investigating “illegal and unauthorised access” to some of its customers’ personal information in both Britain and Poland.
Around 245,000 customers may have been affected by the cyber attack in the UK, and 25,000 in Poland, a spokeswoman said.
The information stolen could also include the last four digits of users’ bank cards, which are used by some banks to enable log-ins to online banking services.
The firm, which said it knew something had happened by Tuesday but did not become aware of a data breach until Friday and began notifying customers on Saturday through email and text.
Wonga said it believes users’ loan accounts are secure and no action needs to be taken. Customers have been warned to look out for any “unusual activity“, and to be cautious about cold calls or emails asking for personal information.
Wonga is the latest in a line of British companies and institutions to suffer a major security breach. Tesco Bank, Lloyds, TalkTalk and the NHS have all been hacked.
British customers were also among one billion people whose personal details and passwords could have been compromised when Yahoo was hacked in 2013 – believed to be the world’s largest ever cyber attack.
However Yahoo users’ bank details were not affected, the company said last year when it divulged the attack after being handed information by law enforcement agencies in the USA.
The Wonga breach is believed to be one of the biggest involving financial information to have hit a UK company.
A spokesman said: “Wonga is urgently investigating illegal and unauthorised access to the personal data of some of its customers in the UK and Poland.
“We are working closely with authorities and we are in the process of informing affected customers.
“We sincerely apologise for the inconvenience caused.”
Wonga has set up a help page on its website for customers and has a phone line for further enquiries. Its website advises customers to change their password and to alert their bank andask them to look out for suspicious activity.
It adds: “Cyber attacks are, unfortunately, on the rise. While Wonga operates to the highest security standards, these illegal attacks are unfortunately increasingly sophisticated.”
The police and Information Commissioner’s Office have been informed.
A spokesman for the ICO said: “All organisations have a responsibility to keep customers’ personal information secure.
“Where we find this has not happened, we can investigate and may take enforcement action.”
Critics say the “payday lending” industry preys on vulnerable borrowers with high interest rates and marketing tactics.
In 2014, Wonga agreed to pay compensation of more than 2.6 million pounds to 45,000 customers after it sent threatening letters to customers from fake law firms.