ssgumby - 2:49 pm on Jan 17, 2012 (gmt 0)

Any ideas on how it could have happened -- SQL Injection, XSS, RFI, ...?

I dont think it was either, sounds like the hacker got into their internal network at which point they probably had access to their DB. I would venture to guess this was an inside job from an employee or ex-employee