Which? uses cookies to improve our sites and by continuing you agree to our cookies policy.

Ask an expert: ‘My building society was hacked – what should I do?’

We respond to a Which? member who was a victim of a large-scale cyber attack

Every week, Which?’s money experts answer your financial queries. You can submit your questions to money-letters@which.co.uk, or via our Facebook or Twitter pages.

Q. My building society recently sent me a letter about an unauthorised hack into its email system. It has given reassurance that my savings account has not been affected, although personal details, such as name, address, date of birth, contact details and passbook roll number, could have been viewed.

It has offered to pay for a one-year ID-protection service with a credit reference agency, but I’m not sure if this is enough.

Name and address supplied.

A. We’ve all heard of several large-scale cyber-attacks, and even though this is a small, local building society, the risks to customers are just the same.

The danger is that personal information could be used for impersonation fraud, and that perpetrators could apply for credit cards and loans in your name.

What to do if your data has been compromised

If you are a victim of data breach, the company involved should let you know as soon as possible.

You should check for any unusual activity on your accounts, and report it to the company and Action Fraud. Even if you’ve not spotted anything fishy, it’s worth changing your online passwords as these may well have been accessed.

Be extra wary of scam phone calls regarding your activity with this company. Scammers often use personal details they have stolen to convince you that they’re legitimate callers from a company you have financial dealings with.

Legitimate companies will never call out of the blue to ask for financial details, passwords or for you to download software onto your computer.

Find out more: how to spot a scam – educate yourself on the signs

Benefits of Cifas registration

We suggested that you ask the building society to pay for Cifas protective registration. It has agreed to do this for you.

This will place a flag alongside your name and personal details in their secure anti-fraud database. This will help retailers see you’re at extra risk of fraud and prompt to take extra steps to verify your identity.

Applying for financial products and services might take a little longer, as companies may see the flag and request further details, but you can be reassured that your details are being protected. Registration costs £20 and lasts for two years.

ID fraud soaring

Cifas recently revealed that ‘facility takeovers’, a type of identity fraud where scammers access people’s money by posing as their victims, soared by 45% in 2016.

The body also disclosed which regions of the UK were hotspots for ID fraud. See the map below to discover how common ID fraud is in your hometown.

Back to top