Re: Card Payments
"Even using third parties, there are issues, e.g. if using an API where Jewson have some form of token for a card, if tokens can be grabbed, & credentials to communicate with 3rd party, then can get card details using token in API calls. Details would vary depending what was originally stored, number will be available."
It was mentioned that CVV values were among the leaked data. Since these are not supposed to be stored by anyone, I would expect that something was sniffing the traffic to capture the information leaked.