One of my other concerns about this is identity theft. It stands to reason that if a processing center employee has a CC number (obviously part of a ring of thieves), it also has a physical/malling address, phone number, email address, etc, along with it. In my close fraud call, the thief only needed three pieces of information to establish an identity. My step-daughter had her identity stolen in the 90s and didn't know it until she applied for a job at Sears last year where they told her she was in their records as "not rehirable"... she had never worked there but that's how she found out about the 90s theft. Shortly after that, her bank account was closed and she found out another person had opened an account there with her identity and it was tied to her accounts and overdrawn. She went through the mess of police involvement, etc. The police really don't care about this stuff although they don't tell you so. Anyway, things get deeper... once your identity is out there, it crops up sporadically when its resold by rings of thieves. So changing your CC number, putting a block on it, etc is not going to solve the problem if its your identity being used. Keep a check on your credit report as well as social security records if there has been a fraudulent attempt with your CC.. you aren't, necessarily, out of the woods. True, living in Arizona, so close to the border, this is a hotbed with the illegals but identity theft is epidemic everywhere.
Edit: given the potential gravity of the situation, I'm glad to see some vendors being named here. As for the "its not them doing it" stand.. no, but they are using a processing center that is suspect so it comes down the same way. Customers/members should be protected through shared information... not the vendors. I use WOT in my browser to avoid suspect sites and that's strictly user driven reporting. People sharing info is something we all need to do to help protect each other.