I would make sure you change your username and password at your bank, but then also change your password everywhere else you can but to something completely dissimilar to your banking info. Also change the password on your email and enable two factor auth on your email and every platform its available. I’d also ask your bank to add a call in code. If I call one of my banks I have to give a security code before they’ll talk to me (optional feature I enabled). You can also enable your cards to email you every time a purchase is made so you see immediately. We had a debit card that hasnt been used in 6 years and was sitting in our safe hacked, and then a CC at a different bank (also still in our possession) hacked all in a matter of two weeks last fall. We caught the debit card thanks to the email we have turned on for that account. They didn’t have the same password either but similar derivative. I read most hacks like this hack your email and can see all of your accounts from there, or they may get card/account #1 from something like the Disney+ hack and then work their way through similar accounts banking on the fact you gave the same/similar username and password.