The scary thing is that this smaller breach probably would not have been discovered if it weren't for the full investigation of PSN. How many data breaches go undiscovered?
Proper maintenance is needed; Microsoft doesn't issue weekly critical security updates just for fun. But a lot of organizations don't have the know-how or budget to keep up with them. I would sooner trust a tech company to be on the ball than hospitals, schools, the DMV or the IRS. But unfortunately, tech companies also have a lot of legacy hardware and software.
For example:
The U.S. Government Accountability Office (GAO) issued a report on March 15 saying that the IRS still hasn't fully implemented key components of a comprehensive information security program. In fact, around 74 percent of known weaknesses in the IRS's IT infrastructure remain unresolved or unmitigated, GAO found.
This isn't the first time that the GAO has criticized the IRS's IT security practices. A report in 2008 found "pervasive weaknesses" in the IRS's IT security practices. The agency failed to enforce strong passwords, encrypt sensitive data, monitor changes on its mainframe systems or physically protect critical IT resources.
http://threatpost.com/en_us/blogs/irs-security-holes-put-taxpayer-data-risk-031711