Sites that store CC information are routine targets, you will really never know it could be a skimmer ( physical attack), could be hacking into a CC processor, it could be a small merchant that stored the data insecurely, there are so many avenues its really difficult to say where unless you used your card and the fraud starts right away. Even then the exact method may not be known.

Last round of fraud I went through originated when attending crossroads of the west.
Someone(s) went to multiple expensive dinners all in the same night - thankfully it was not mine to pay.

Before that it started right after a shopping trip to BassPro.

Anyone remember getting thier cellphone cloned ?
I had that happen so often going to one regional office I would turn off my phone before I got near Westminister.

Ways to get numbers:
Credit card generation algorithm program
Bribe a clerk to skim your card when you are not looking
Bribe a waiter to skim cards on the way to the back
Spyware
Bribe a worker at a car dealer to copy your credit app

AAA offers a free credit monitoring service- but u have to opt in and enroll in the program

I got my CC details stolen a while back, the D*****bags that got it was from a purchase I had made 6-7 months prior.

Just got hit on the 6th. I was miraculously getting gas 4 times in Colorado while buying beer in Van Nuys.