How did the bad guys get a hold of the debit card number? Was it just a string of random numbers that just happened to be your card's number? Or was it some kind of insider job or unknown data leak?
Pretty sure it was some kind of insider job. If memory serves right, other people at the time were also seeing debit card fraud with Ally cards. Since it was an online purchase, it presumably would have required more info than just a lucky guess of a card number. Expiration date and CVV, perhaps name and zip code, would have to be known or guessed, too.