Personal records siphoned off from online store
"The lost data includes customer names, addresses, card numbers, and three-digit security verification codes on the backs of the cards."
Presumably the people that wrote the e-commerce platform couldn't figure out a way of defeating the build-in password salting-and-hashing functions of the Operating System. And given that I don't understand the intricacies of the modern online ecommerce platform, what was such information even doing being stored online unencrypted and in the clear.
'no passwords or social security numbers were obtained by the thieves'
Not exactly what they said:
"we have not identified evidence indicating that password or login credentials were affected"
What they should have said: If the 'cyber' thieves got hold of your encrypted password they could run it against a rainbow table and extract the plain text. If you use the same password here or elsewhere change the password immediatly.