By clicking a retailer link you consent to third-party cookies that track your onward journey. This enables W? to receive an affiliate commission if you make a purchase, which supports our mission to be the UK's consumer champion.

17,000 at risk from Tesco Bank Travel Money data leak: how to protect yourself

Details of nearly 17,000 Tesco Bank Travel Money customers have been exposed by Travelex - the provider of its foreign currency exchange service
Reena SewrazSenior Money and Retail editor

Sensitive information about Tesco Bank Travel Money customers - including names, addresses and partial payment card information - has been exposed by foreign currency service Travelex.

Travelex, which provides Tesco Bank's foreign currency service, confirmed it became aware that the information had been disclosed outside the firm on Friday, 2 March 2018.

Which? explains exactly who's affected and what you should do next to ensure you don't fall victim to fraud.

Be more money savvy

free newsletter

Get a firmer grip on your finances with the expert tips in our Money newsletter – it's free weekly.

This newsletter delivers free money-related content, along with other information about Which? Group products and services. Unsubscribe whenever you want. Your data will be processed in accordance with our Privacy policy


Who's affected?

The data leak impacts Tesco Bank Travel Money customers who used the foreign exchange currency service online between 14 December 2016 and 23 January 2017.

Travelex told Which? Money that this impacts just under 17,000 customers in total, and those that used the service outside of this period are not affected.

Was Travelex hacked?

Travelex says it can't confirmexactly what happened, but ruled out a cyber-attack.

It says there has been no indication the data was stolen but it is conducting a 'forensic investigation' to establish what caused the data to be exposed.

What information has been leaked?

The data that has been leaked includes:

  • full names
  • date of birth
  • home and mobile phone numbers
  • delivery and billing addresses
  • email addresses
  • IP addresses
  • partial payment card information.

Travelex confirmed that partial card information was disguised using payment card industry standards, so financial information has not been put at risk.

That said, your name, date of birth and contact details can help scammers build up a profile of you with the aim of committing identity theft.

What to do if you're affected

At present, there is no sign that the leaked information has been used fraudulently by a third party. However, it's unclear who had access to the exposed data, so it's possible that information could be misused in future.

If you're affected, you should take action to change your passwords and keep a close eye on your bank accounts and credit report for signs of suspicious activity.

You should also be wary of unsolicited requests for personal information, even if they appear to come from your bank or credit card provider. In addition, avoid clicking on links in emails or text messages that arrive out of the blue.

Find out more in our guide: My data has been lost, what are my rights?

Travelex is contacting customers impacted by the data leak with more information about the incident and offering 12 months' free fraud protection with Experian.

The firm has also set up a dedicated hotline 0800 9758376 open Monday-Friday 9am-5pm and emailcustomer.enquiries@travelex.com for customers that have any concerns.

Is this incident linked to Tesco Bank credit cards?

Tesco Bank says that this latest incident is not linked to a breach that caused it to cancel credit cards.

It also confirmed the leak only relates to Tesco Bank customers that ordered travel money between 14 December 2016 and 23 January 2017.

What Travelex says

Travelex told Which? Money: 'We are urgently investigating how some customer data was recently discovered to have been disclosed externally. All affected customers have been contacted with advice on what precautionary action to take. We are confident that no financial information has been disclosed.

'The security of our customers' information is paramount and a full investigation is underway. We are sorry to all our customers affected if there has been any inconvenience caused as a result of this incident.'

More on this

Related articles

About Us

Which? Limited is registered in England and Wales to 2 Marylebone Road, London NW1 4DF, company number 00677665  and is an Introducer Appointed Representative (FRN 610689) of the following:


1. Inspop.com Ltd for the introduction of non-investment motor, home, travel and pet insurance, who are authorised and regulated by the Financial Conduct Authority (FCA) to provide advice and arrange non-investment motor, home, travel and pet insurance products (FRN310635). Inspop.com Ltd is authorised and regulated by the Financial Conduct Authority (FCA) to provide advice and arrange non-investment motor, home, travel and pet insurance products (FRN310635) and is registered in England and Wales to Greyfriars House, Greyfriars Road, Cardiff, South Wales, CF10 3AL, company number 03857130. Confused.com is a trading name of Inspop.com Ltd. 


2. LifeSearch Partners Limited (FRN656479), for the introduction of Pure Protection Contracts and Private Health Insurance, who are authorised and regulated by the FCA to provide advice and arrange Pure Protection Contracts and Private Health Insurance Contracts.  LifeSearch Partners Ltd is registered in England and Wales to 3000a Parkway, Whiteley, Hampshire, PO15 7FX, company number 03412386.


3. HUB Financial Solutions, for the introduction of equity release advice and an annuity comparison service, who are authorised and regulated by the Financial Conduct Authority (‘FCA’) to provide advice and guidance on financial products for those who have retired or are approaching retirement (FCA Firm Reference Number: 455713). HUB Financial Solutions is registered in England and Wales to Enterprise House, Bancroft Road, Reigate, Surrey RH12 7RP, company number 05125701.


4. Alan Boswell Insurance Brokers Ltd (FRN 301), for the introduction of non-investment landlord insurances, who are authorised and regulated by the Financial Conduct Authority to provide advice and arrange insurance contracts. Alan Boswell insurance brokers Ltd is registered in England at Prospect House, Rouen Rd, Norwich NR1 1RE, company number 02591252.


Other financial services:

Mortgage service provided by London & Country Mortgages (L&C), Unit 26 (2.06), Newark Works, 2 Foundry Lane, Bath BA2 3GZ. London & Country are authorised and regulated by the Financial Conduct Authority (registered number: 143002). The FCA does not regulate most Buy to Let mortgages. Your home or property may be repossessed if you do not keep up repayments on your mortgage.


We do not make, nor do we seek to make, any recommendations or personalised advice on financial products or services that are regulated by the FCA, as we’re not regulated or authorised by the FCA to advise you in this way. In some cases, however, we have included links to regulated brands or providers with whom we have a commercial relationship and, if you choose to, you can buy a product from our commercial partners. 


If you go ahead and buy a product using our link, we will receive a commission to help fund our not-for-profit mission and our campaigns work as a champion for the UK consumer. Please note that a link alone does not constitute an endorsement by Which?.