More connections, more risk
The more data you let business partners access—the more you're connected—the more you must trust the security of same partners.
Up to 40 million credit-cards could be breached. It's good that CardSystems Solutions openly admit it, it's the only right thing to do. If the story had leaked it would've been a PR catastrophy for them.
The thought about how many third-party processors (whatever that means) there are in a system like that is really scary, and many of them probably aren't in the IT heavy sector, so they're unlikely to have skilled people to secure and maintain their systems. There must be plenty of low-hanging fruit there for the evil hacker.