The compromise was at the server level. The hackers installed a compromised server on the network and read the data from the POS terminals in real-time.
IOW, they had insider help or used social engineering to gain admin-level network access.
So, in this case, at least, using Linux would have made no difference at all.
"But according to sources, the attackers broke in to Target after compromising a company Web server. Somehow, the attackers were able to upload the malicious POS software to store point-of-sale machines, and then set up a control server within Targets internal network that served as a central repository for data hoovered by all of the infected point-of-sale devices.
The bad guys were logging in remotely to that [control server], and apparently had persistent access to it, a source close to the investigation told KrebsOnSecurity. They basically had to keep going in and manually collecting the dumps"