I'm only one data point, but I've had three credit cards used maliciously. Each pre-auth for 1 dollar came from a company somewhere in Europe. After my card had been shut off, I would get a call asking about transactions, and they would all start off with that similar transaction.

Perhaps the person stealing the information is based anywhere, but the company commonly issuing the pre-auths is in Europe?