Continuing the discussion from 40m card numbers stolen from Target:
CNN says that security experts are positing that malware was slipped into the POS system:
Target didn’t specify how its systems were hacked. But judging by the scope of the breach and the kind of information criminals got, security experts say hackers targeted the retailer’s point-of-sale system. That means they either slipped malware into the terminals where customers swipe their credit cards, or they collected customer data while it was on route from Target to its credit card processors.