US Man Stole 130m Card Numbers Using SQL Injection Attack

A bit disconcerting how this supposed fraud investigator is waffling about firewalls?<p>EDIT: just chatting to my boss about it; the fraud guy (Edward Wilding) came up and he rolled his eyes :) so Im guessing not the sharpest cookie in the investigative draw (my boss used to be a fraud guy)<p>SQL injection is so vague: anyone got better specifics on what was done? (I hunted around but no joy)

If this is the large Heartland break-in from last year, then this guy also managed to install keyloggers/trojans in unallocated disk space on servers inside the datacenter. The trojans collected every track 1 or track 2 magnetic strip off every card processed at the facility for an unknown length of time. Heartland processes about 100,000,000 credit card transactions each month.