What to Do If Someone Hacks Your Bank Account

Discovering that your bank account has been compromised can be an unsettling experience. Prompt action is important to mitigate potential harm and regain control of your finances. This guide provides a clear path forward for individuals facing a hacked bank account.

Taking Immediate Action

Upon discovering unauthorized activity in your bank account, contact your financial institution without delay. Locate your bank’s fraud department or customer service number on your card, statements, or website. Provide your account number, a detailed description of suspicious transactions, and when you noticed the compromise. The bank will likely freeze or close the compromised account to prevent further unauthorized access and may issue new cards and account numbers.

Immediately after notifying your bank, change passwords for your compromised bank account and any other online accounts that share login credentials. This includes online payment services, other bank accounts, and especially your email, as email is often used for password recovery. Creating strong, unique passwords that combine uppercase and lowercase letters, numbers, and symbols enhances security. Using a distinct password for each online service reduces the risk of multiple accounts being compromised if one is breached.

Secure any devices used for online banking, such as computers, tablets, or smartphones. Run a comprehensive scan for malware or viruses using reputable antivirus software to remove any malicious programs that might have facilitated the hack. Ensure your operating system and all software applications are updated to their latest versions to patch security vulnerabilities. Disconnecting compromised devices from the internet can prevent further unauthorized access while you address the issue.

Reporting the Incident

Beyond contacting your bank, formally reporting the incident to relevant authorities is a significant step in addressing a bank account hack. Filing a police report is advisable, especially if a substantial amount of money was stolen or if you suspect identity theft occurred. The police report documents the crime and serves as evidence for your bank or other agencies. When filing, provide bank statements showing fraudulent transactions and any communications with your financial institution.

Reporting the incident to federal agencies provides another layer of protection and assists in combating financial fraud. The Federal Trade Commission (FTC) offers resources through IdentityTheft.gov to report identity theft and create a recovery plan. This platform helps report the incident to other agencies and organizations, streamlining the process. The FTC also compiles data on fraud, aiding in identifying trends and prosecuting offenders.

Notifying the three major credit bureaus—Equifax, Experian, and TransUnion—is an important protective measure. Place a fraud alert on your credit reports, signaling to lenders they should verify your identity before extending new credit. A credit freeze restricts access to your credit report entirely, preventing new credit accounts from being opened. While a fraud alert typically lasts for one year, a credit freeze remains in effect until you choose to lift it.

Disputing Unauthorized Activity and Monitoring

Formally disputing unauthorized transactions with your bank is a structured process that requires diligent documentation. Gather all relevant information, including transaction IDs, dates, amounts, and prior communications with your bank. Federal regulations provide consumers with protections and clear timeframes for disputing charges. Under the Electronic Fund Transfer Act (EFTA) and its implementing Regulation E, consumers generally have 60 days from the date a bank statement is sent to report unauthorized debit card transactions to limit their liability.

Under Regulation E, if you report an unauthorized debit card transaction within two business days of learning about it, your liability is limited to $50. If reported after two business days but within 60 calendar days of the statement, your maximum liability increases to $500. However, if you fail to report within 60 days of the statement date, you could be liable for all unauthorized transactions that occurred after the 60-day period. For unauthorized credit card charges, the Fair Credit Billing Act (FCBA) limits liability to $50, if reported within 60 days after the first bill containing the error was mailed.

After disputing charges, meticulously reviewing your bank statements and credit card statements for any further suspicious activity is important. This ongoing vigilance helps detect any new attempts at fraud or previously unnoticed unauthorized transactions. You are entitled to a free copy of your credit report from each of the three major credit bureaus annually through AnnualCreditReport.com. Regularly examining these reports helps identify any accounts opened in your name without your knowledge, indicating broader identity theft.

During the bank’s investigation, expect communications regarding their findings. Banks typically investigate claims promptly, often aiming to resolve issues within 10 to 45 business days, depending on the type of transaction and the complexity of the case. They may provisionally credit your account for disputed amounts while the investigation is ongoing, especially for promptly reported debit card fraud. It is important to cooperate fully with your bank by providing any requested information to facilitate a swift resolution.

Strengthening Your Financial Defenses

After experiencing a bank account hack, taking proactive steps to fortify your financial defenses is an important measure to prevent future incidents. Enabling two-factor authentication (2FA) on all your financial accounts and email provides an additional layer of security beyond just a password. This security measure typically requires a second form of verification, such as a code sent to your phone or a biometric scan, making it much harder for unauthorized users to access your accounts even if they have your password.

Implement regular account monitoring practices to detect suspicious activity promptly. Set up transaction alerts with your bank for notifications via email or text message for withdrawals, large purchases, or activity exceeding a specified amount. Consistently checking account balances and reviewing statements helps ensure all transactions are legitimate. This ongoing vigilance allows you to quickly identify and report any anomalies.

Reiterating the importance of using strong, unique passwords for all online accounts is essential for ongoing security. Avoid using easily guessable information like birth dates or common words. Employing a reputable password manager simplifies creating and storing complex, distinct passwords for online services, reducing the temptation to reuse credentials. These tools encrypt and securely store login information, requiring only one master password to access them.

Remaining wary of phishing attempts and other scam tactics is another actionable defense. Cybercriminals frequently use deceptive emails, text messages, or phone calls appearing to be from legitimate organizations, attempting to trick individuals into revealing sensitive financial information. Always verify the sender of suspicious communications and avoid clicking unfamiliar links or downloading attachments from unverified sources. Directly contacting your financial institution through official channels is always the safest approach if you suspect a communication is fraudulent.