-The breach occurred because intruders were able to exploit software security vulnerabilities to install a rogue program on the network of CardSystems Solutions.
-The malicious code was found by security experts from CyberTrust who did a probe apparently at the request of MasterCard.
-CNET also reports that there is speculation in online discussion boards about which the fact that Cardsystems was running Windows 2000 and IIS Server 5.0 (it is just speculation, as no one really knows the full story here).
Cardsystems was also not doing the right thing by holding on to these records, which they were holding for "research purposes". In other words, they shouldn't have had the data in the first place...