To be PCI compliant does not mean you can't be breached. Any of us that processes PII (personally identifiable information) should be humble. ... Anyone that thinks they're not going to be breached is being naive.
-- Bob Carr, CEO of Heartland Payment Systems
Note: emphasis is mine.
Src: Heartland CEO on Breach Response - BankInfoSecurity