That seems to be the case. The CardSystems employees were negligent and incompetent in choosing to deploy Microsoft products in their data center.
eEye Digital Security has announced that they are working on the problem.
" That seems to be the case. The CardSystems employees were negligent and incompetent in choosing to deploy Microsoft products in their data center."
I disagree.
I'm not a big fan of Microsoft, but it's not any worse than anything else.
What I do for a living is to fly around, visit my customers, break into their applications, systems, and networks, and systems. The operating system it's self is only a small part of the total attackable surface area.
My understanding is that they knew where the problems were for a long time, knew how to fix them, and just plain old didn't apply the patches or make the configuration changes that they knew needed to be made.