
Comment Re:Software that Target uses (Score 1) 213

There is a case study on Target on the Microsoft website. That should point you in the right direction. I am sure I will get flamed for this, but Target is a victim as well here. They were attacked by criminals, and determined ones. I don't think the OS/software version is what hurt them; I think the fact that they were not using encrypted terminals was the mistake. If you compromise a network, how hard is it to get malware that scrapes memory? A good regex that searches for PANs in POS process space seems like it would be very effective. POS vendors are supposed to make sure their software is handling card data securely, but they trust the OS they are running on. I would love to comment more... Hopefully it will come out what happened, but most likely it was similar to TJX. Some misconfigured wireless or something to that effect. Get on the network, find some vulnerable systems. Pivot, find the server that the POS boots off of. Infect. Sit back and wait. As for the PIN data, I am not too worried.

Comment Re: Why are they storing this data anyway? (Score 2, Interesting) 213

Terminals encrypt PIN data inside the device. The terminals they use are PED certified. DUKPT is used, and the data should be safe. The PIN block should stay encrypted all the way to the processor. If it is decrypted, it should be done in an HSM. The malware was most likely scraping memory on the POS and grabbing track data as it was passed from terminal to the POS. Then they somehow exfiltrated it. Obviously they weren't using encrypted terminals. I don't think Target stored this data centrally. Most likely just infected POS stations. My bet is at the source, and they all booted up infected stations. Sorry for the terse responses.
