In what is being described as one of the biggest ever breaches of financial data in India, approximately 32 lakh debit cards in India are said to have been affected as customers reported unauthorised usage from locations in China.

The banks worst hit from the cybersecurity attack are reported to be State Bank of India, Yes Bank, ICICI Bank and Axis Bank, among many others. The data breach appears to have affected international card issuers such as MasterCard and Visa, along with India’s RuPay, which together make up for the bulk of 697 million debit cards issued in the country.

As banks investigate the breach on facing the music from the government and the Reserve Bank of India, they are requesting customers to either replace their debit cards or change their ATM passcodes – depending on the vulnerability of each card holder.

While the card breach seems to be the tip of the iceberg of the technological vulnerabilities in the digital banking ecosystem as banks like Yes Bank, Axis Bank and ICICI Bank started requesting customers to change their ATM password in the past few weeks – indicating a problem that was recognised much earlier than it was reported or disclosed in the public domain by the banks.

Meanwhile, authorities suspect more vulnerabilities in the system and have begun to investigate the breach through a forensic audit ordered by the Payments Council of India on the whole server and network infrastructure of the banking system in the country.

“We have received complaints from banks about debit cards being used in China which aroused suspicion,” AP Hota, Chairman of the National Payments Corporation of India told the Economic Times earlier this week. The entire network is being audited for security threats, Hota was quoted as saying.

“Though most of the suspected fraudulent transactions happened in the Visa and MasterCard network, we thought a whole a forensic audit of the entire network will help us find out where the compromise happened,” Hota said.

Even as banks investigate the breach and decide how to compensate the affected consumers, here’s what you can do immediately to make sure that your banking account is safe and secure.

Phishing scam dudes sending smarter DMs. A neighbor was nearly taken in by this. in icici URL, i replaced by L. pic.twitter.com/bzoHkkoiy4 — Prasanto K Roy (@prasanto) October 18, 2016