Re: PCI DSS?
What was involved in the failure is irrelevant. PCI-DSS is structured so that any breach is an automatic failure if credit card data is involved (actual CC#, CVV). Where it gets fuzzy is the encryption of the card data itself. The miscreants (love that word) made off with their code/software as well and it seems that it wasn't strong cryptography to begin with. That's the fracture point. How the CC companies view that fracture is the make or break for Experian.
Can't wait to hear the twenty-ton thud that will be the class-action suit.