It's important to remember that many of the security folks at these companies are actually pretty good. This is more of a C-Suite problem than a security team problem - security people can't get much done if senior management doesn't prioritize a good information security program.
Makes you wonder doesn't it, the dollars that got spent to have something blatant happen. Its not an industry I'd like to be in, with everything so compromised.