I got a letter from Prana, an online store from which I bought some yoga pants. The letter said that their server had been compromised and they had lost data. So sorry. We think they may have decryped the database and may have all of your information including the security code on your credit card. You might want to change your password and watch your finances. No kidding! That would account for my debit card being compromised a month ago when your servers were actually hacked.
Just how does one decrypt a decently encrypted server? I'm thinking more likely it was not encrypted at all. And I'm pretty sure I did not check the box saying to keep my card on file.
This is so common now days I hardly blinked when I got the bank notification. Fortunately I only keep a few hundred bucks on my debit card so my exposure is pretty limited. And the bank gave me back the $16 or so that was successfully stolen. If I thought they might care I'd send them a copy of the letter so they could sue the incompetent store.
File the letter away and move on. Fortunately I don't need any more yoga gear for a while.