The issuer isn’t liable if there was gross negligence. I am not a lawyer, but I think a strong argument could be made that reactivating a card lost in public was grossly negligent.
Cloning the magstripe requires specialised kit (at least a cheap audio jack magstripe reader for your phone). Pre-playing contactless magstripe only needs a phone with NFC, and stealing the front and back for Internet purchases only needs a camera.
This is why I also hate the US system of restaurants taking cards to the back. But since that’s compliant with network rules allowing it isn’t negligence.
I’m not saying any of this is likely. Simply that it’s security best practice to assume it’s compromised.