It's the news that nobody wants to hear: "your online details may have been accessed as part of a data breach". Perhaps it's an app you use everyday, or maybe a site you signed up for years ago and forgot about. Either way, data breaches are unfortunately a reality, and something that it pays to be prepared for.
We know they can be very scary, too. It's not a nice feeling to think that someone might have access to your personal details. And you'll never know for sure what an attacker might do with them until it's too late.
But if you take some simple actions, you can regain some control. And you'll put yourself into a more secure position against any future attacks.
To begin with, you need to understand what details are at risk
When a data breach happens, the company that held your data should get in touch with you as soon as possible. They should tell you what happened, when they found out, and what information they think has been accessed.
This may include:
Your name
Your bank account details
Your address
Your gender
Your date of birth
Sensitive financial information, like your National Insurance number
Any other information you've given the company, including messages and photos
Let's go over some simple actions you can take if you learn your details were accessed in a data breach.
Do:
Keep a close eye on any payments coming in and out of your accounts
Make sure there's nothing unusual in your transaction feeds, and watch out for new Direct Debits which can be set up using just your name, account number and sort code.
If you spot anything you don't recognise when checking your Monzo account, you can get in touch with us via the in-app chat.
Be extra cautious if you receive any emails, phone calls, or text messages purporting to be from organisations such as your place of work, Monzo, other banks, HMRC, utilities companies, or phone networks.
Just because they know personal details about you doesn't mean they are legitimate.
If it's a genuine communication, they’ll always be happy for you to hang up, search for their number online and call them back yourself so you know you're talking to the real deal.
Monzo will never call you unexpectedly, and calls will be arranged with you in the app-chat. We will never ask you to move money, or share personal details such as your PIN or passwords.
Bear in mind that fraudsters can sometimes spoof (copy) phone numbers so it looks like the number they are calling or messaging you from is the real company. The only way to be sure is to hang up, and call the company directly, using the number on their website, or on the back of any bank cards.
For more advice on suspicious messages, read our blog post on what to do if you receive an unexpected message.
Check your credit file regularly in case your details have been used fraudulently to sign up for other financial products
Fraudsters sometimes try to use stolen personal information to set up bank accounts or take out lending products in other peoples' names.
You can protect yourself against this by keeping an eye on your credit file or by signing up to a service that does this for you. The most widely used one is Cifas' Protective Registration, which you can find by searching online.
Don't:
Give out your email password or your Monzo PIN over the phone, via text message, or via email
Genuine Monzo employees will never ask you for your email password or your PIN over the phone, text message or email.
Enter personal information or log in details on websites sent to you over emails and text messages
Sometimes fraudsters will send you a text message or email containing a link. The link will take you to a fake website where you’ll be asked to enter personal information or banking details. Avoid clicking links from text messages and if you think it might be legitimate and you need to visit the page - check with the company in question before you do so.
Send any money out of your accounts if you are told to, without checking first!
Genuine Monzo employees will never ask you, over the phone, to move money out of your account into a new account, into a holding account, or anywhere else for that matter. We'll also never ask you over the phone to authorise a Monzo card refund in the app. If anyone is asking you to do so, please get in touch with us over the in-app chat instead.
The same goes for most other organisations. If in doubt, hang up and contact us or the organisation in question yourself.
Next steps
The main thing is not to worry. If you follow the above advice and stay vigilant and keep a close eye on things, you should be ok.
If you have any questions about a specific breach, have been victim of scam, or spot any unauthorised payments in your account, please don’t hesitate to get in touch with us using the in-app chat.