pull down to refresh

Either at least one of your devices was compromised or else a company (or any other third party) leaked your data most likely because of an attack. That what you describe is typical for a carding attack, somebody has your debit card data as well as ohter personal information like address, phone, email etc. but I dont think that the attacker has other data which are necessary to effectivly use the card, like your IP address, useragents, session cookies etc. otherwise he would sim swap your number. If so the consequences would have been far beyond receiving a sms with otp :)
Ofc check all your devices and anaylse your opsec. but imo it's enough to block the card and get a new one. you can change your phonenumber and email adress as well but that depens on your specific cost-benefit ratio.
oh yeah in case that you find anything on your device(s) you might need to do some more things. but from that what you describe it sounds more like a third party was hacked/leaked or acted malicious and sold the data
reply