Sensitive information about Tesco Bank Travel Money customers – including names, addresses and partial payment card information – has been exposed by foreign currency service Travelex.
Travelex, which provides Tesco Bank’s foreign currency service, confirmed it became aware that the information had been disclosed outside the firm on Friday, 2 March 2018.
Which? explains exactly who’s affected and what you should do next to ensure you don’t fall victim to fraud.
The data leak impacts Tesco Bank Travel Money customers who used the foreign exchange currency service online between 14 December 2016 and 23 January 2017.
Travelex told Which? Money that this impacts just under 17,000 customers in total, and those that used the service outside of this period are not affected.
Was Travelex hacked?
Travelex says it can’t confirm exactly what happened, but ruled out a cyber-attack.
It says there has been no indication the data was stolen but it is conducting a ‘forensic investigation’ to establish what caused the data to be exposed.
What information has been leaked?
The data that has been leaked includes:
- full names
- date of birth
- home and mobile phone numbers
- delivery and billing addresses
- email addresses
- IP addresses
- partial payment card information.
Travelex confirmed that partial card information was disguised using payment card industry standards, so financial information has not been put at risk.
That said, your name, date of birth and contact details can help scammers build up a profile of you with the aim of committing identity theft.
What to do if you’re affected
At present, there is no sign that the leaked information has been used fraudulently by a third party. However, it’s unclear who had access to the exposed data, so it’s possible that information could be misused in future.
You should also be wary of unsolicited requests for personal information, even if they appear to come from your bank or credit card provider. In addition, avoid clicking on links in emails or text messages that arrive out of the blue.
Find out more in our guide: My data has been lost, what are my rights?
Travelex is contacting customers impacted by the data leak with more information about the incident and offering 12 months’ free fraud protection with Experian.
The firm has also set up a dedicated hotline 0800 9758376 open Monday-Friday 9am-5pm and email firstname.lastname@example.org for customers that have any concerns.
Is this incident linked to Tesco Bank credit cards?
Tesco Bank says that this latest incident is not linked to a breach that caused it to cancel credit cards.
It also confirmed the leak only relates to Tesco Bank customers that ordered travel money between 14 December 2016 and 23 January 2017.
What Travelex says
Travelex told Which? Money: ‘We are urgently investigating how some customer data was recently discovered to have been disclosed externally. All affected customers have been contacted with advice on what precautionary action to take. We are confident that no financial information has been disclosed.
‘The security of our customers’ information is paramount and a full investigation is underway. We are sorry to all our customers affected if there has been any inconvenience caused as a result of this incident.’