I haven't heard of a breach of any of these sites yet - more likely your data was stolen some time in the past year and was sold on the dark web sometime during that period and just used now. They might take some card numbers from a purchased list and do card testing (small dollar transactions in a card-not-present environment) before running the whole list on purchasing fenceable products.
Was your card fraudulently used on websites that don't ask for the CVV (3-digit code) in their shopping cart or did they get that too? Or were you just notified by the bank that your account was compromised (which means they found your name/card number from a compromised site/store or a dark web sell list)?