If you are using the Magento eCommerce platform then I am sure you have read about the Shoplift (SUPEE-5344) vulnerability that was patched over a year ago (February 9th 2015).
One of the top ranking reasons for an eCommerce website being breached is the lack of up-to-date software and applications. To this date, we are still seeing a vast number of websites that are being breached using this particular vulnerability.
Therefore, we can not emphasise enough the need to apply security patches as soon as they become available. We recommend that this action is added to your standard security practice.
In addition, it is essential that periodic ASV scans are ran to ensure that the security of the eCommerce environment is maintained.
Reviewing of database content is strongly advised and any instances of the following basic search patterns should be carefully reviewed: XMLHttpRequest setRequestHeader querySelectorAll