Short-term lender Wonga has suffered a data breach which may have affected up to 245,000 customers in the UK.
Bank account numbers, sort codes and the last four digits of card numbers may have been accessed as part of the breach.
Wonga said personal information such as names, phone numbers and e-mail and home addresses could have also been accessed.
Wonga became aware of the breach last week but didn’t think any private data was involved at the time.
On Friday (April 7) it realised the attacks were more serious and started informing customers on Saturday by email and text.
A spokesperson for Wonga said: "Wonga is urgently investigating illegal and unauthorised access to the personal data of some of its customers in the UK and Poland.
“We are working closely with authorities and we are in the process of informing affected customers. We sincerely apologise for the inconvenience caused."
Wonga has recommended impacted customers to alert their bank and ask them to look out for any suspicious activity.
It has also asked customers to be vigilant of unusual online activity and to be cautious of anyone who calls and asks them to disclose any personal information.
Dan Panesar, vice president at Certes Networks, a specialist in encryption technology, said the latest attack on Wonga highlights that despite huge amounts of red-tape and regulation in the sector to protect data, something just isn’t working.
He said: “The problem lies in the entire industry’s approach to cyber security. There is an inherent flaw in the current ‘protect’, ‘detect’, ‘react’ model.
“It may work within the confines of current regulatory requirements, but once a hacker bypasses a network’s outer perimeter they are free to move uninhibited across the network, accessing a jackpot of sensitive data and wreaking havoc.”