Most likely someone guessed your password to your banking. It's highly unlikely your Macbook was hacked. This was most likely done on the web only. Unless someone had physical access to your computer without any protection of logins.
Passwords
If you use the same password for banking as anywhere else. Don't do that. Every password needs to be unique. Many websites have breaches and poor practices for storing passwords. There's huge lists of stolen login credentials shared, bought and sold. Those credentials will get tried on various sites. That's why every password needs to be unique.
If you use variations of the same password. Don't do that. If someone knows one password. They'll try common variations.
If you use any personal information for passwords. Such as birthdates, names, places lived and such of friends and family members. Don't do that. Your password may get guessed through social engineering.
If you use names of sports teams, movies, books, cities, states, &c. Don't do that. Those are commonly used by people. It's probably tougher to guess that personal info but still potentially guessable.
Use random sets of words. Such as quickbrownfox. But not that specific one. As that has now been published online. It's something a computer brute forcing passwords will eventually try.
Have a password management strategy. I recommend using a password manager to store all logins. Then protect the manager with one really good password. They can generate strong and random passwords for you. All you have to remember is the one really good password for your password manager. At the very least. Manage them manually with a password protected Excel workbook.
2FA (Two-Factor Authentication)
Turn on 2FAn all websites. This way on non trusted devices. Even if someone managed to get your password. They won't be able to login without the 2FA.
This is done in a variety of ways. It all depends on the website. Most will at least let you have them set it. To send an email or text message on login. So, that you need to enter the code sent to you when prompted. These are the weakest 2FA options. They are at least better than nothing.
Better ones will use a designated app on your smartphone for the 2FA. Where you'll be prompted to open the app and click allow for the login. Another being an authenticator app. Which may be used for authentication of multiple websites and generates a time sensitive random code. Such as Google Authenticator.
Security Questions
Some websites have horrible security practices and still use security questions for password and account recovery. Never answer these honestly. Anyone who knows you or who has researched your social media and public records will be able to figure out the answers. Just treat them like passwords and generate random characters or sets of words. Then store them in the notes section of your password manager or your spreadsheet. Don't lose them.
Logging In
Verify you are on the right website in your address bar. Websites get spoofed all the time. Save bookmarks of your important financial websites at least. So, you have a verified method of navigation to a website.
Never click links to websites from random emails or text messages. Doubly so for emails with account alerts. As there is so much fraud. They trick you to click some link. You see a fake (spoofed) version of the website. Enter your login credentials. Then they have them.
