I'm involved in the design and maintenance of a PCI environment. Given the auditing requirements for these environments it is mind-boggling that an intrusion of this magnitude went unnoticed for several months.
I'm left with the conclusion that they were either negligent or incompetent, or layers of management were actively trying to cover things up.
I'm left with the conclusion that they were either negligent or incompetent, or layers of management were actively trying to cover things up.