Considering the number of similar breaches that have been publicized this year, 'it surprises me that large merchants like Sam's haven't rushed to secure their systems yet,' Sherman said.

The fallout from such breaches is especially hard on credit unions, a vast majority of whom don't have the size and scale of larger banks, she said. The typical hard costs involved in blocking and replacing cards is around US$3.50 per card, she said. But longer-term costs in terms of damage to reputation, customer churn and future fraud losses are much harder to calculate, she said.

'The average consumer doesn't understand that it was Sam's Club who was at fault and not the actual issuer of the card,' she said.

The Sam's Club breach is the latest in a string of data compromises this year at organizations that have included Bank of America Corp., ChoicePoint Inc. , the University of California and CardSystems. Those breaches have fueled consumer concern about data protection and talk of legislative action to make companies more accountable for the data they own. The breaches have also resulted in Visa and MasterCard requiring all companies that handle payment-card information to comply with their Payment Card Industry (PCI) data-protection standard.

"Visa is aggressively partnering with entities across the nation to broaden adherence to these standards," the company said in its statement regarding the Sam's Club breach. "As Visa has said before, it's important that every entity that handles payment card information adhere to the highest data protection standards, such as the PCI standard, to protect the security and privacy of their customers."