by Josh A » Sat Jun 14, 2014 5:05 pm
Ideally they would truncate or hash the card number and not store it unless absolutely necessary, along with no other identifiable card stuff like cvv or expiration or the like, but if the point of sale system/server itself is compromised then it doesn't really matter at all.
Checking for updates on Krebs security site, it looks like they're going over to oldschool manual imprinter card thingies, hope they safely dispose of the paper copies or they're just going to have an even bigger mess.