This article details a reported breach of the e-commerce site, baileysonline.com.  The scariest part – it began in 2011 and has proceeded unnoticed until now.  This is a perfect example of why auditing is necessary, why logging and log review is necessary, and frankly why IT security in general is necessary.  I am not saying any of these controls or methodologies would have stopped the breach, but I would like to think that it would have been discovered long before now.

http://www.scmagazine.com/attacker-compromises-information-of-250k-in-baileys-data-breach/article/483630/