Well, they don't *know* which cards were actually compromised. NOBODY _knows_ which card numbers were actually stolen from CardSystems.
CardSystems only knows which card numbers were _vulnerable_ to have being stolen -- data as to which of those _were_ stolen is simply not available.
NOT surprising. MC has a _lot_ more cards out there, and a *lot* more transactions/day than AMEX does.
Identifying 'suspect' transactions is one thing -- you look for things that are 'inconsistent' with the history _for_that_account. Identifying *where* a 'data theft' occurred, is a whole different kettle of fish. You have to have a _volume_ of accounts with similar suspect transactions first, and then go looking for 'common history' in prior activity on those accounts.
If only because of the larger number of cardholders, and thus the larger volume of transactions, I would _expect_ MC to find 'statistically significant' correlations sooner than Amex.
Well, unless, _you_ keep a record of everything you charge -- date and amount. And match them against the statements you get. It's not really rocket science.
I used to do it every month, for several corporate cards that had several _hundred_ charges/month. Life was _really_ fun when the Company President's son (away at college) used daddy's card to sign up for Internet access (and the fact that the initial posting was 'late', and was for _4_ months services). That one _jumped_ off the statement at me -- the company had it's own dial-up pool, and everybody used _that_ for home access.
If you choose not to do so, and 'uncritically' accept their accounting, that _is_ your choice.
Note: if you are in the UK, as your email address seems to indicate, it is _unlikely_ that any of your cards were exposed via the CardSystems 'problem'. Unless you're doing siginficant credit-card buying in the U.S., that is. CardSystems clears almost exclusively for U.S.-based merchants.