Two years ago I signed up for a Chase/Amazon credit card for the rewards. This week I received a call from Chase that they had declined a $1000+ purchase from an on-line retailer. They asked if I had made the purchase, and I said that I did not order from the merchant. Somehow my credit card number was acquired by an unauthorized person.
The problem is that I used the Amazon card only for Amazon.com purchases. After I received it, I wrote VOID in the signature space on the back of the card and put it in a file folder in my filing cabinet. It was never in may wallet, it never left the house, and it was never used for any online purchases except from Amazon. I cut is up when Chase cancelled the card for the fraudulent purchase attempt.
I contacted Amazon about the security breach and received the standard form letter about other family members using the card and requesting more information. I had explained in my first contact with Amazon that the card never left my house, and it was used only for Amazon purchases by me. I do not store the credit card number on my computer, so the only way it could be found would be from Amazon or Chase.
If Amazon was the source of the breach, it would have huge effects on their business. The same is true for Chase. Both have business reasons to sweep this under the rug.