Hackers were not only able to steal 3.6 million social security numbers, but they managed to steal an additional 16000 unencrypted credit card numbers. The hacker first attacked the system in August. This goes to show that many enterprises out there can be compromised for months and not even know it yet. This is why we always recommend a full recognizance of an enterprises network, and resources including all applications, and 3rd party connections. The fact that the credit card numbers on the server were in the clear shows a huge lack of security insight and potentially means that there are many other major security issues within that particular environment. Encrypting sensitive data properly is application security 101 and the fact that these things happen all the time shows exactly why enterprises like these need to proactively monitor their application security efforts. A close look into their architecture, and SDLC (Software Development Lifecycle) would of found this major gap in their security practices and proper remediation efforts could of been started so that something like this was caught earlier or ceased to exist.