This article completely ignores the big elephant in the room. Why was this information on a server hosted on the Internet? Shouldn't information like this be separated on a separate subnet? It talks about Intrusion detection systems and all sorts of technology to mitigate the risk, but the answer is simple. If your business data is isolated completely from your public facing presence, you need an insider or a physical break-in to be at risk.