Ouch
"malicious software was discovered in a centralised IT system"..
Well and truly Pwned.... One wonders how long that Malicious Software had been there because there customers might want to check back through their accounts for a lot more than just last week...
Would also like to know why the Credit Card numbers are stored in complete form.... why have the 1st/last (n) numbers not been removed.... There is no need to "keep" the full number.