Automated fuel dispenser skimming is the most frequent form of data theft, the report said. To pull this off, a skimmer usually affixes a device over the mouth of the card reader and secretly captures credit and debit card information when customers insert their cards into the ATM machines or fuel pumps. Criminals also use a combination of cameras and video devices to capture cardholder PINs as part of their ATM skimming scheme.

Chain operators and independents have different levels of sophistication and processes regarding data security, which leads to inconsistency, the report revealed. Adding to the problem is the continued use of vulnerable, magnetic stripe cards at the pump versus chip cards, as well as the growing expertise of data thieves. The EMV compliance deadline for automated fuel dispensers is Oct. 1, 2017.

The analysis found California had the highest number of data breach incidents in 2015 at 199, with Florida coming in second at 130. California retained the top spot from 2014, while Florida rose to the No. 2 spot. New York came in third in 2015 at 102 incidents.

In December, CU Times reported the debit card fraud rise in California created so much concern among credit unions that at least one, the $933 million, El Segundo, Calif.-based Xceed Financial Credit Union, took the unprecedented step of blocking cards used at 7-Eleven and Wells Fargo terminals.

Bulletins sent by CO-OP Financial Services to its member credit unions said the CUSO was aware of a number of ATM card skimming cases primarily occurring at 7-Eleven locations in the Mid-Atlantic area and Southern California.

In Michigan, out of state gangs covertly attached card readers and small cameras inside gas pumps, according to Mlive.com. The scams ran from early July 2015 to September of this year.