Credit card security breach at Simple Practice?

Hi, my client uploaded new credit card to the client portal.  Within 1 hour, their credit card company contacted them about several fradulant charges from other states, suggesting their card had been hacked online.  Are there any recent security breaches in the Simple Practice system?  I have not had this issue before.  I also had not yet charged the client for any sessions.