Originally Posted by
adrianlondon
From what I've read and pieced together, this was a data intercept as the data enters some kind of payment system. It seems most likely that this hack intercepted the data right at the payment system, after any encryption of the transmission had been removed.
This is what I thought based on the information that was released on Thursday. However, with information to a payment system, why would that also make your full name, date of birth and home address vulnerable? And apparently, they are warning both online (web interface) and offline (telephone based) users during that period. Either someone who doesn't fully understand the technical details is writing the communication points, or this has a different texture than we thought.