This is the key phrase in the original post about this and many other card data breaches:
Although our stores are fully compliant with the latest Payment Card Industry (PCI) security standards, computer hackers managed to infect some of our credit card terminals with so-called “malware” (malicious software) that allowed them to collect credit card numbers registered on our system.