It happened to me a few years ago.
You can have all the "gold padlocks" you want.
I paid a bill to "British Gas" over the telephone using my CC, two weeks later somewhere around 8:30am on a Sunday morning I receive a phone call from my CC people asking if I had just used the card etc, NO I'm still in bed.
Prior to this British Gas did phone me to say they had lost the details in a systems crash, this did make me suspicious if they had lost them, how did they know I had paid them, so can they have them again, "yes after I phone them back on the number I always use", not the number now being given out.
Although all that was cosha.
I was also then advised to contact the police and my credit card company and to report the number as being "STOLEN"
So it now turns out to have been stolen from British Gas's computer system, not lost in a system crash, but they never publicly admitted a employee had stolen lots of numbers.
Sorry for the rant,
My point being, it makes no matter whatsoever with whom or where you use your card, "it can still be compromised"
Wrong Place, Wrong Time, and bingo.