PanicStation.org
UK USA
us Money & financial emergencies card details exposed • card number leaked • payment card breach alert • card details compromised • possible card fraud warning • data breach notification • card used without permission • unknown card transactions • debit card details stolen • credit card details stolen • card details on dark web • card saved online accounts • recurring card payments risk • bank impersonation scam • phishing after data breach • replace card urgently • freeze credit file • place fraud alert

What to do if…
you get an alert that your card details may have been exposed in a data breach

Short answer

Secure the card through your card issuer (using the number on the back of the card or the official app), then protect your credit with a fraud alert or security freeze if personal info may have been exposed.

Do not do these things

  • Don’t click the link in the alert or call the number it provides — use your issuer’s app or the number on the back of your card.
  • Don’t share one-time codes, passwords, PINs, or approve “security prompts” you didn’t initiate (including prompts to add a card to a mobile wallet).
  • Don’t assume it’s safe because you don’t see fraud yet — stolen card numbers are often used later with small “test” charges.
  • Don’t immediately close your main checking account or cancel essential auto-payments in panic; lock/replace the card first, then clean up.
  • Don’t pay for “dark web removal” or “credit repair” based only on an email/text.

What to do now

  1. Verify the alert safely. Log in through your card issuer/bank’s official app or type the website yourself. If you call, use the number on the back of your card.
  2. Lock the card and request a replacement. Use “lock/freeze card” if available and ask for a replacement card with a new number if the details may be exposed.
  3. Review transactions line-by-line and report anything unauthorized immediately. Look for small “test” charges, unfamiliar merchants, and new subscriptions. Report unauthorized charges through the issuer’s fraud process right away.
  4. If it’s a credit card billing error, protect your rights in writing. Call the issuer, and also send a written billing error notice within 60 calendar days after the charge appears on your statement. Keep copies and note dates/times of calls.
  5. If it involves a debit card or money missing from your bank account, report fast.
    • If your debit card or PIN was lost or stolen, try to notify your bank within 2 business days of discovering it.
    • Even if you still have your physical card, notify your bank right away about any unauthorized electronic transfer — and no later than 60 days after the statement that shows the unauthorized transaction.
    • If your bank asks you to confirm in writing, do it promptly and keep a copy.
  6. Check mobile wallets and any “saved card” locations. Remove the card from Apple Pay/Google Pay/Samsung Wallet and from merchant wallet accounts you use. Re-add only after you’ve confirmed the replacement card details. Remove saved cards from high-risk accounts (big retailers, delivery apps, ride-hailing, app stores).
  7. If more than just the card number might be exposed, protect your credit file.
    • Fraud alert: contact any one of the three bureaus and it should apply to the others.
    • Security freeze: place it separately with each bureau to make new credit harder to open in your name. These are free and you can lift them when you need to apply for credit.
  8. Check your credit reports using the official free route. Pull your reports through the official site and look for new accounts, address changes, or inquiries you don’t recognize.
  9. If identity theft starts (new accounts/loans), use the government recovery flow. Report and follow the step-by-step plan designed for identity theft recovery.
  10. Keep a short incident log. Date/time of alert, what data was said to be exposed, actions you took, and any case/reference numbers.

What can wait

  • Switching banks, replacing multiple cards beyond the one exposed, or paying for monitoring you don’t understand.
  • “Fixing your credit score” — the priority is stopping new accounts and disputing anything fraudulent.
  • A full password overhaul of everything — focus on your email, financial logins, and accounts where the card is saved.
  • Any legal action related to the breach notice.

Important reassurance

A breach alert feels urgent and invasive, but a few steps make a big difference: lock/replace the card, monitor and report unauthorized charges quickly, and freeze/alert your credit if identity details may be involved.

Scope note

This covers first steps for the first hours and days after an exposure alert. If you later discover broader identity theft (new credit accounts, benefits/tax fraud), you’ll likely need a longer recovery checklist.

Important note

This is general information, not legal or financial advice. Protections and timelines can differ based on whether the issue involves credit cards, debit cards, and electronic transfers, and on your account terms. If you see suspicious activity, contact your card issuer/bank using trusted contact details immediately.

Additional Resources
Support us