Is it possible to clone my contactless debit card while it's in my pocket?

If your debit card has an NFC chip on it (the "tap to pay"), it's possible. This presentation discusses two methods. One is skimming an NFC card and using the recovered data for making Card Not Present transactions online. The other is called a "pre-play" attack, where "future transactions" are skimmed from the card in your pocket, and used to make purchases before you use the card again. Ironically, you might have stopped some of these if you had used your card before the attacker had the chance to commit fraud.

Because it's possible, does that mean it's likely? Hard to say. But if it was in fact a case of NFC skimming, then you live, work, and pray very near someone who might target you again. Consider keeping your NFC cards in an RF-blocking wallet, or leaving them at home. Since it sounds like you rarely use them, this shouldn't alter the convenience factor much.

The good news is that your bank protected you from losses related to the theft, and that you don't have to worry too much about it.