OT but so much experience here!

Wife noticed this morning that her Barclays current account was £400
down from yesterday, with no transaction listed. She went into the
branch and they said "You bought a Dyson". She bought one three months
ago and thought she used the Barclaycard credit card, so came home to check.

Confirmed she did bought it from Amazon on Barclaycard.

Both Dyson and Amazon deny making the second transaction.

Phoned bank fraud department and failed the initial security check, her
DOB and/or mothers maiden name have been changed. But after
authenticating with the Pin Sentry they were happy to talk to her, said
"Card must have been cloned, we'll cancel it and send you another".

The original order was actually for three items, but the value of the
new transaction is *exactly* the same as the total, five digits so
unlikely to be chance (and the bank knew it was for a Dyson).

She only uses the card in ATMs or for online transactions, so I don't
*think* someone has literally cloned the card. Amazon may have her debit
card details as well as credit card.

Question.

What's leaked is the value of a specific transaction between Barclays
and Amazon (rather than Dyson, I assume) plus details of a card other
than the one used. Doesn't this imply that the leak must have come from
the systems of one of these two organisations? Data snatched from the
ether at the time of the original transaction wouldn't have been
associated with the debit card details.

By some miracle, she spotted this before the transaction had actually
gone through, so it may well have been stopped already. But I am
wondering what else we might be vulnerable from.

TIA!