UK-based payday loan company Wonga says there may have been illegal and unauthorised access to the personal data of some of its 270,000 customers.

In a statement, the firm says information stolen may have included one or more of the following: name, e-mail address, home address, phone number, the last four digits of a card number (but not the whole number) and/or a bank account number and sort code.

Wonga says it does not believe account passwords were compromised but recommends users to look out for “any unusual activity across any bank accounts and online portals”.

The firm is telling its customers to carry out the usual security precautions – such as alerting their banks and exercising vigilance.

It is still working to establish the full details of what personal information has been stolen.

The data breach could affect its 270,000 current and former customers, including 245,000 in the UK. Wonga has not yet revealed where the cyberattack took place.

Wonga was launched in October 2007 and offers short-term loans, which with the interest charged, can equate to an annual percentage rate (APR) of 1,509%.

The firm operates in the UK, Germany, Spain, Poland and South Africa. It did operate in Canada until May 2016.