Correct me if I'm wrong
I believe that the CCV is supposed to be used *once* to confirm a new credit card number. The card number gets stored but I believe the CCV is not legally meant to be stored in a database.
If my recollection is true, and the CCV *was* stored in the system, wouldn't this be a egregious legal breach?
<edit> Ah, never mind. I just re-read the article and it wasn't (just?) the database that was breached but the system which accepted CC information for processing... which would include CCVs.