I'm not sure I fully agree with the earlier poster, but it's an interesting and useful perspective and I can't see a clear reason for it to be downvoted. Certainly not just because it "bring[s] social justice theory into a factual discussion", yeesh.


The problem is that calling "blaming the victim!" dismisses the list of faults these whistleblowers are bringing to light.


I certainly do not intend to dismiss security faults (I'm a security researcher by trade). I do, however, want to point out that such lists are invariably not exhaustive and the analysis is woefully incomplete.

Ask any security professional and they will tell you that security is a trade-off. No computer or network is 100% secure. The objective is to match the amount of security to the amount of potential loss. The estimates here are incredibly difficult to make. No person or company or philosophy has solved this problem yet.

One can claim that Home Depot made the wrong security trade-offs. But I don't see any analysis being done in these threads or articles. I see people criticizing faults and suggesting areas that they may have invested in. Ways to increase security. But I don't see any calculations on the actuarial side or figures for how much it would cost Home Depot to make those investments. I don't think a Hacker News thread is capable of making that sort of assessment, myself included.

What I can say (and did say) is that Home Depot is a victim of a theft. You are too, if your data was in the cache. Couldn't someone criticize you for keeping your data with Home Depot? That's not secure. Not just from hackers, but also from being sold to creditors and financial listing agencies. You'd be right to call me out for criticizing you for something you really can't help.

Home Depot can't help but be on a woefully broken cyber-infrastructure. It has to in order to participate in the modern economy. Its only option is to be more secure than other large retailers with the hope it will be a less attractive target ("I don't have to outrun the bear, I have to outrun you."). If someone wants in, they will get in.

They were forced to take a raw deal, and they were owned. It's going to keep happening. And making post-hoc suggestions about minor configurations isn't going to help.


They used a 7-year-old version of Symantec antivirus, and they didn't do even basic routine scans. What further analysis is necessary?
