I described the security breach at PenFed in this Tuesday blog post
. This PC world article
describes this incident and a similar incident at Sovereign Bank. In that case the bank found a keylogger program on one of the bank's laptops.
The article has an interesting discussion of this issue and the difficulties that exist for institutions when they do find a hacked computer. It's not easy to know the scope of the data breach.