The payday loan firm Wonga has said up to 270,000 of its customers may have been affected by a data breach.
The firm said it was “urgently investigating illegal and unauthorised access to the personal data of some of its customers in the UK and Poland”.
The firm said it began contacting borrowers on Saturday and was offering support through a dedicated phone line.
The information stolen includes names, addresses, phone numbers, bank account numbers and sort codes.
Around 245,000 of the customers affected are based in the UK with the rest in Poland.
In a statement, the firm said: “We are working closely with authorities and we are in the process of informing affected customers. We sincerely apologise for the inconvenience caused.”
Wonga said it did not believe the attackers had gained access to users’ loan accounts, but warned them to be vigilant.
The lender, which gives short-term loans, said it had became aware of the breach last week but at that time thought no data was involved.
However, by Friday it realised the attacks were more serious and started informing customers on Saturday by email and text.
The range of information stolen also includes the last four digits of customers’ bank cards – information used by some banks as part of the login process for online accounts.
It is a further blow for Wonga which has been trying to rebuild its reputation after several scandals.
In 2014, the financial regulator found it had made loans to customers who could not afford to repay them, and chased debts with letters from a fake law firm.
In 2015, the firm saw its losses double as tougher regulation in the industry continued to bite.
Its pre-tax losses grew to £80.2m that year from £38.1m in 2014.