From time to time do you receive a list of "potentially" compromised debit cards from mastercard or processor? I think the cards are probably cancelled and new ones issued. Are we required to file a SAR on these customers?

Unless you have the minimum amounts of suspect activity (i.e. $25k on an unknown entity) you aren't required to file a SAR. However, you may want to check out your incident response policy/procedures.

It is up to your bank -the issuing bank - if the customers' cards are cancelled and replaced or monitored for unusual activity. The card holders are victims. You wouldn't report them!

Thinking more about this...it could occur somewhat frequently. Merchant notifies credit card company that system has been hacked or potentially hacked. Credit card company notifies bank directly or through processor and provides list of potential victims of the bank.

Is my understanding correct that a SAR is only required if the total amount of loss (individually or all customers together) is greater than $25,000 and suspects are unknown? If suspect is known then dollar limit is $10,000.

If the suspect is known, the threshold is $5,000.
Anyway, I don't think a SAR is warranted in your scenario.