Sensitive information about Tesco Bank Travel Money customers - including names, addresses and partial payment card information - has been exposed by foreign currency service Travelex.
Travelex, which provides Tesco Bank's foreign currency service, confirmed it became aware that the information had been disclosed outside the firm on Friday, 2 March 2018.
Which? explains exactly who's affected and what you should do next to ensure you don't fall victim to fraud.
The data leak impacts Tesco Bank Travel Money customers who used the foreign exchange currency service online between 14 December 2016 and 23 January 2017.
Travelex told Which? Money that this impacts just under 17,000 customers in total, and those that used the service outside of this period are not affected.
Travelex says it can't confirmexactly what happened, but ruled out a cyber-attack.
It says there has been no indication the data was stolen but it is conducting a 'forensic investigation' to establish what caused the data to be exposed.
The data that has been leaked includes:
Travelex confirmed that partial card information was disguised using payment card industry standards, so financial information has not been put at risk.
That said, your name, date of birth and contact details can help scammers build up a profile of you with the aim of committing identity theft.
At present, there is no sign that the leaked information has been used fraudulently by a third party. However, it's unclear who had access to the exposed data, so it's possible that information could be misused in future.
You should also be wary of unsolicited requests for personal information, even if they appear to come from your bank or credit card provider. In addition, avoid clicking on links in emails or text messages that arrive out of the blue.
Travelex is contacting customers impacted by the data leak with more information about the incident and offering 12 months' free fraud protection with Experian.
It also confirmed the leak only relates to Tesco Bank customers that ordered travel money between 14 December 2016 and 23 January 2017.
Travelex told Which? Money: 'We are urgently investigating how some customer data was recently discovered to have been disclosed externally. All affected customers have been contacted with advice on what precautionary action to take. We are confident that no financial information has been disclosed.
'The security of our customers' information is paramount and a full investigation is underway. We are sorry to all our customers affected if there has been any inconvenience caused as a result of this incident.'