The credit card system is obsolete and needs a total overhaul. Long story short, they only need to compromise 12 digits in most cases, not the 16 + 4 + 3 they should have to.
Because most banks use the same 8 initial digits for all their cards, or most of them, (last time you got a new card number from the same bank, I bet it has the same 8 digits as the other one), that eliminates 8 of the 16 numbers they have to know. That leaves just 8 numbers + the 4-digit expiration date. And since computers can perform millions of operations per second, it doesn't take them very long to come up with a solution that works. The 3-digit confirmation number isn't even required for most kinds of transactions.
In the modern computer age, your card will get compromised from time to time, even if you never use it even once. You could do no more than activate your new credit card, and leave it unused, and it will probably get compromised eventually.
Practically all US-based computer transactions, however, don't even give them an opportunity to steal your number. Card processing systems are so secure and so automated that there is almost no way for them to get your number. What you have to worry about more are face to face transactions, restaurants, and such. Any time the card is physically taken out of your sight, it opens the opportunity to someone copying down the information.
However, because it is a credit card, you are not responsible for any fraudulent purchases made against your card. Not so with a debit card. Credit cards are THE safest means of doing business as a consumer. However, you pay for this protection and convenience by occasionally finding that your card won't work.