>>removed all sensitive information from the server. We eventually moved the server to a new box, where we blocked off the system and data files from the web server and changed the online store software to a super-secure system that stores zero sensitive customer information<<
Forgive me for throwing salt in an open wound, but why the hell didn't you do this in the first place? I've built small-time networks for my home and office, and even though I don't host a web site through the network, if I did, the first thing I would do is have a different web host box (server) than anything else. Hell, I have a gateway/router/firewall box on each of the networks, and there's nothing that runs on those machines except that. File servers are in other boxes -- one of which I seem to be having a power supply problem with at the moment.
Off topic: PC Power & Cooling
Swear by 'em.