by roadkillon101 2742 days ago
True, nothing is "unhackable" and it reminded me of Oracle Corporation's challenge about 10 years ago... they placed billboards and marketed that they had an "Unbreakable" system... within hours they were "hacked" after doing this announcement. What these companies can do is change their premise for guarding their customers' information. Instead of putting a singular firewall around their information system, they "compartmentalize" their customers' info so they may get one or two customers' info, not hundreds or thousands at a time. Further, the critical info of each customer can be further "compartmentalized" to make the information difficult to access. This is how they approach Cardholder Information Security Program (CISP) with cardholder data. This approach ASSUMES the information at some point will be compromised, so with this assumption, when there is a breach, the damage will be limited, not massive as was the case with IBM and the other companies involved. They could have done something like that; however, based on the media play they are doing now, I'm guessing there are hundreds if not thousands of companies involved.
1 comments

I agree a lot more can be done, but if you look at how advanced some of the state-level groups (like APT-29) are, if you are truly a target it's tough even if you follow all the best practices.