When I was in college and working for a bootstrapped startup I was handed an unprotected thumb drive with an excel spreadsheet containing all the credit card numbers, expiration dates, address, social security numbers, etc of all the clients (thousands) and told to take it home for when I was working out of the office. I was too ignorant to realize how terrible, and I'm sure illegal this was. Of course I never abused it but it definitely makes me wary of my data these days. I imagine this happens much more than people think. Don't worry, the company I speak of was localized and failed now I think. It's prudent to cancel your cards once or twice a year and be careful who you trust. Some companies value convenience over security and put way too much trust in the employees.