Got an email saying my card may have been compromised at an "undisclosed merchant." Is this privacy granted to all breaches, or is it something case by case? If second, is it based on remidiation on the merchant's part, a prior contract with merchant specifying terms, the merchant's size, or what?
BofA (former employer) is being careful by avoiding statements that could expose it to legal liability. Naming a retailer would do this. Ultimately, why does the merchant name matter to you? BofA+(swipe)merchant absorbs the loss. Finally, are you still swiping? Chip insertion fixed skimming.