PanicStation.org
UK USA
uk Money & financial emergencies card details exposed • card number leaked • payment card breach alert • card details compromised • possible card fraud warning • data breach notification • card used without permission • unknown card transactions • debit card details stolen • credit card details stolen • card details on dark web • card saved online accounts • recurring card payments risk • bank impersonation scam • phishing after data breach • replace card urgently • freeze card in banking app • suspicious payment alerts

What to do if…
you get an alert that your card details may have been exposed in a data breach

Short answer

Treat it as real until you’ve checked: use your bank/card issuer’s app or the phone number on your card/statement to freeze the card and review recent transactions.

Do not do these things

  • Don’t click links or call numbers from the alert email/text/pop-up — use the banking app or a trusted number you already have.
  • Don’t share one-time passcodes, card PIN, or passwords — and don’t approve security prompts (for example “add this card to a wallet”) unless you started the action.
  • Don’t assume “no money missing” means you’re safe — stolen card details can be tested later with small charges.
  • Don’t cancel Direct Debits in panic — card details exposure mainly affects card payments. Focus on locking/replacing the card and checking for recurring card payments/subscriptions.
  • Don’t pay anyone offering to “remove your details from the dark web” based only on a text/email.

What to do now

  1. Verify the alert safely. Open your banking app (or type the bank’s web address yourself) and check messages/alerts. If you need to call, use the number on the back of your card or on your statement.
  2. Freeze/lock the card immediately (or ask the issuer to block it). If your issuer offers an in-app freeze, use it. If not, call and ask them to block the card and issue a replacement with a new card number.
  3. Check transactions line-by-line (not just the balance). Look for small “test” payments, online purchases you don’t recognise, or new subscriptions. If anything is wrong, report it as an unauthorised card payment in-app/phone and ask what they need from you.
  4. Tighten controls for the next few weeks (only if the features exist in your app). Turn on instant spending notifications; temporarily restrict settings you don’t need (for example online/international/contactless) until the replacement card is active.
  5. Check digital wallets and devices linked to your card. In your banking app (or wallet app), look for card “wallets/devices” and remove the card from any device you don’t recognise. If you use a mobile wallet, remove the old card and re-add only after you’ve confirmed the replacement card details.
  6. Secure the places where your card is saved. Prioritise accounts that can spend quickly: major retailers, delivery apps, ride-hailing, app stores, and any merchant wallet. Remove the saved card. If you reused passwords, change them — starting with your email account — and turn on two-step verification where available.
  7. Expect follow-up scams and cut them off quickly. If someone contacts you claiming to be your bank about “the breach” or “fraud”, end the contact. Then call your bank back using a trusted number (card/statement/app).
  8. If the breach included identity details (not just a card number), consider extra protection. If your name/address/date of birth (or similar) were exposed and you feel at heightened risk, you can consider a fraud-protection flag such as Protective Registration. This can add extra checks (and delays) when you apply for credit and typically lasts a fixed period, so it’s optional and situation-dependent.
  9. Keep a short incident log. Note the date/time of the alert, what it claimed was exposed, actions you took, who you spoke to, and any reference numbers. Screenshot suspicious transactions.

What can wait

  • Replacing other cards “just in case” or switching banks.
  • Deep-cleaning every password you own — focus first on the card, your email, and the accounts where the card is saved.
  • Complaints/escalations about the breach notice itself.
  • Reporting to fraud agencies unless you actually see fraud (if you do see fraud, you can report it — but locking/replacing the card comes first).

Important reassurance

This kind of alert is unsettling, but you can reduce the risk quickly: lock/replace the card through your issuer, monitor transactions, and avoid scam follow-ups. You don’t need to solve everything today.

Scope note

This is first-steps guidance for the hours and days after an exposure alert. If you later find identity fraud (new credit, loans, accounts), you may need additional specialist support and a longer recovery process.

Important note

This is general information, not financial or legal advice. Bank processes and protections vary by provider and by the type of payment. If you see suspicious activity, contact your bank/card issuer using trusted contact details immediately.

Additional Resources
Support us