I am pretty sure security is and was their foremost concern.
No one is secure today. The only systems that can't be hacked are those that are not connected to anything. The best companies can really do is make things as secure as they can and watch everything, hoping to catch a breach before it gets bad.
You can layer your security and yes, the assumption is, there is always a breach, how do I protect the keys to the kingdom in such an event. Encrypting the data at rest, as well as on the wire, etc and many more protections to keep someone from doing anything with the data even if they get in.
Are breaches a reality yes. However, having this type of data get out in a usable form is something else all together.
Of all companies, this one should definitely get hammered for this though. They collect your info without you having to directly do business with them and they then end up getting hacked.