Comment Re:don't connect everything to the internet! (Score 4, Insightful) 191
It's a shame that we probably won't get good details about what happened. If they're PCI compliant, those devices need to be on their own network away from the rest of the company machines. If they were actually doing that, I'd think that they could have caught this with some sort of egress filtering that would either block or alert when it saw CC information going out, or outbound connections from the CC system to unauthorized systems.
Of course, my bet is an inside job. With the right people involved, you can bypass almost anything.