Originally Posted by
lxpatterson
According to their policy:
We may also make certain third party offers available on our site from time to time, some of which may require us to pass a user’s personal information to them for processing. Should a user choose to accept such an offer, we will pass that user’s relevant personal information, which may include name, postal address, credit/debit card number and any other required billing information, to that specific third party.
This simply states Nashbar will pass along relevant payment information to a third party if you choose to accept the third-party's offer from Nashbar's website. There is no wording here to indicate Nashbar reserves the right to pass along and/or share information with a third party without your knowledge.
As stated by others, this is probably the result of hacked or compromised merchant servers. The idea earlier of getting a one-time-use credit card number is great advice.