Just a theory – but it may be possible that Sam’s Club (specifically one of their mobile apps, or the data linked to it) has been compromised. I’ve had two reports of users who have recently used the Scan & Go feature only to shortly afterwards find that their account was fraudulently accessed and used.
Sam’s Club recently made a change where they integrated the Scan & Go functionality into their main mobile app. Coincidental timing? Please reach out if you have any information that could help track this down.