The information stolen could also include the last four digits of users’ bank cards, which are used by some banks to enable log-ins to online banking services.
The firm, which said it knew something had happened by Tuesday but did not become aware of a data breach until Friday and began notifying customers on Saturday through email and text.
Wonga said it believes users’ loan accounts are secure and no action needs to be taken. Customers have been warned to look out for any “unusual activity”, and to be cautious about cold calls or emails asking for personal information.
Wonga is the latest in a line of British companies and institutions to suffer a major security breach. Tesco Bank, Lloyds, TalkTalk and the NHS have all been hacked.
British customers were also among one billion people whose personal details and passwords could have been compromised when Yahoo was hacked in 2013 – believed to be the world’s largest ever cyber attack.
However Yahoo users’ bank details were not affected, the company said last year when it divulged the attack after being handed information by law enforcement agencies in the USA.