More than a quarter of a million people might be caught up in one of the most damaging hacks in recent history.
The lender has confirmed that it was the victim of a huge attack that could have leaked the personal details of up to 270,000 customers, almost all of whom were in the UK. That number includes former customers who details may also have been stolen.
The payday loan company, which has been repeatedly criticised for preying on vulnerable people with extremely high interest loans, said that it was aware of something amiss last week but didn't realise until Friday that people's information was available.
The leaked data includes people's addresses, bank details and card details, according to reports.
The company told its customers to look out for any "unusual activity" on their accounts. It has sent messages to all affected borrowers, it said, reading "We believe there may have been illegal and unauthorised access to some of your personal data on your Wonga.com account".
A spokesperson said that it was investigating the reports of a hack.
"Wonga is urgently investigating illegal and unauthorised access to the personal data of some of its customers in the UK and Poland, the company said. "We are working closely with authorities and we are in the process of informing affected customers. We sincerely apologise for the inconvenience caused."
Wonga's website did not initially make mention of the hack. It now links out to a special help page that says the company is "urgently working to establish further details" of the incident.
It recommended that customers alert their bank that there could be problems with their account and look out for suspicious activity. It also warned them to exercise vigilance themselves, including being cautious of anyone who might ask for personal information and ignoring any requests for data.
Join our new commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies