I heard through the grapevine that for some of those big retailers that got hacked, it was actually third party vendors that created the security loophole. Either way as a DBA it's hard to hear about such things; we're charged with keeping the data secure, but we can really only protect what's in the database. What happens as it travels to and from the database is beyond our control.

I do wish there was a central source on what should be done to secure data as a DBA. I work for an online retailer that uses multiple third party solutions for the order management system, product lifecycle management, website, etc. We encrypt the important information at the database level and the third party software does the decryption as needed. We have a firewall to lock down the domain and follow best practices for logins to the database. Is that enough? I don't know, but I'm not sure what else I can do when so much of the process is controlled by our vendors.