Financial FraudHome Users8 min read · Updated June 2026

My Bank Account Has Been Hacked — What to Do

If you believe your bank account has been accessed without your permission, act immediately. UK banks have dedicated fraud teams and legal obligations to help you. The faster you contact them, the more likely they are to stop the fraud and recover your money.

Step 1 — Call Your Bank Right Now

This is your most urgent action. Do not wait.

Call the fraud number on the back of your debit or credit card, or use your bank's app to freeze your card immediately. Most major UK banks have 24-hour fraud lines:

Barclays0345 734 5345

HSBC0800 085 5594

Lloyds0800 072 8668

NatWest0800 161 5154

Santander0800 313 4321

Halifax0800 500 3920

MonzoIn-app chat (24 hours)

StarlingIn-app chat (24 hours)

Important:Use a number from the back of your card or your bank's official website — not from any email or text you received about the fraud.

Step 2 — Document Everything

Before the bank clears the record:

Screenshot or note down any transactions you do not recognise (date, amount, merchant)
Note when you first noticed the problem
Keep any emails, texts, or notifications related to the fraud

This information supports your claim and speeds up the investigation.

Step 3 — Know Your Legal Rights

UK law gives you significant protections as a fraud victim:

Authorised Push Payment (APP) Fraud

(you were tricked into making a payment yourself)

Under the Payment Services Regulations 2017 and the APP Fraud Reimbursement Code (effective October 2024), UK banks are generally required to reimburse victims up to £85,000, subject to certain conditions. You must not have been grossly negligent.

Unauthorised transactions

(someone accessed your account without your knowledge)

Under the Payment Services Regulations, you are entitled to a refund as long as you report promptly and have not acted fraudulently or with gross negligence.

Credit card — Section 75 of the Consumer Credit Act

If the fraudulent purchase was made on a credit card for goods or services costing between £100 and £30,000, you may have additional protection — the card provider is jointly liable.

Protect your accounts before it happens again.

Your free Cyber Nova AI plan covers account security, two-factor authentication, and fraud prevention — step by step, in plain English. Free to start.

Get my free security plan

Step 4 — Report to Action Fraud

After speaking to your bank, report the fraud to Action Fraud:

Online: actionfraud.police.uk
Phone: 0300 123 2040 (Monday–Friday, 8am–8pm)

Your bank may also recommend reporting, particularly for larger amounts. A crime reference number from Action Fraud can support your claim.

Step 5 — Secure Your Accounts

Once the immediate crisis is managed:

1Change your banking password — use something strong and unique.

2Enable two-factor authentication on your banking app if not already active.

3Change passwords on any other accounts that use the same password as your banking login.

4Check your email account — if a criminal had access to your bank, they may have had access to the email address connected to it.

Step 6 — Consider CIFAS Protective Registration

If you believe your identity has been used fraudulently — not just one account, but your personal details — consider registering with CIFAS. A protective registration adds a flag to your credit file that warns lenders to take extra verification steps before approving credit in your name. Cost: £25 for two years. Details at cifas.org.uk.

Need the full UK cybercrime reporting guide?

How to Report a Cyber Attack or Data Breach →

For a full account recovery guide, see: How to Recover a Hacked Account →

Frequently asked questions

Will my bank refund me if my account was hacked?

For unauthorised transactions (where you did not make or authorise the payment), yes — UK law requires banks to refund you promptly unless you acted fraudulently or with gross negligence. For APP fraud (where you were tricked into making a payment), the new APP Reimbursement Code means most banks must reimburse up to £85,000.

How quickly do I need to report bank fraud in the UK?

As soon as possible — ideally within hours. The sooner you report, the more likely the bank can freeze the transaction and recover funds. There is no strict legal deadline but delay weakens your position.

What if my bank refuses to refund me?

If your bank refuses a legitimate fraud claim, you can escalate to the Financial Ombudsman Service (FOS) at financial-ombudsman.org.uk — it is free to use and the Ombudsman can require the bank to pay.

Get properly protected — free

Cyber Nova AI gives you a personalised cybersecurity plan based on NCSC guidance. Free to start. No technical knowledge needed.

Start my free security plan