Tesco Travel Money customers hit by data breach - here's what to do if you're affected
Thousands of Tesco Bank customers' names, addresses and partial payment card information have been inadvertently leaked by provider Travelex.
Travelex, who run Tesco Bank's foreign currency exchange service, have today confirmed to MoneySavingExpert that data from 17,000 users have been disclosed outside of the company.
The breach affects Tesco Bank travel money customers who used its foreign exchange currency service online between 14 December 2016 and January 2017, so if you used it outside of these dates, you're protected.
If you're one of those affected, you should expect a letter from Travelex soon. When we contacted Travelex for more information, we were told that the breach was likely caused by 'human error', rather than a cyber attack, though this has not been officially confirmed by the company and an internal investigation is ongoing.
What data has been leaked?
Leaked data includes full names, dates of birth, phone numbers, delivery/billing addresses, email addresses, IP addresses and partial payment card numbers.
In a letter already sent to some affected customers, Travelex advises that the partial card information leaked was 'in compliance with payment card industry standards' and therefore cannot be attributed to an individual card. The company goes on to stress that 'no financial information was put at risk'.
Tesco have confirmed the breach is unrelated to last week's cancellation of some of its credit cards. For more info see our Tesco Bank cancels some credit cards as a 'precautionary measure' MSE News story.
What should I do if I'm affected?
Travelex has stated that there is no indication that the leaked data has been used by a third party. However, it concedes that the data may be misused in future, so advises the following:
Review all bank accounts and credit card statements for unusual transactions.
Be cautious of any unsolicited communications that ask for any personal information or refer you to a website asking for the same.
Review guidance issued by the Information Commissioner's office in relation to data security incidents.
Sign up to Travelex's offer of a complimentary 12 months fraud protection. Instructions of how to activate should be included in the letter.
If you have any more concerns, Travelex have set up a dedicated team for affected customers. They can be reached on a special hotline 0800 9758376 (Open Mon-Fri 9am-5pm) or via emailcustomer.enquiries@travelex.com.
What does Travelex say?
A Travelex spokesperson told us: "We are urgently investigating how some customer data was recently discovered to have been disclosed externally. All affected customers have been contacted with advice on what precautionary action to take. We are confident that no financial information has been disclosed.
"The security of our customers’ information is paramount and a full investigation is underway. We are sorry to all our customers affected if there has been any inconvenience caused as a result of this incident.”