Home Depot Breached

Home Depot reported this week that their systems had been breached, potentially by the same malware which impacted Target last year. The period of time spanned from April of this year until last week, and there may be over 60 million customers impacted. My question to Home Depot (as well as to other retailers), is why was this malware not found sooner? Is it not a known vulnerability that you should have protected your systems against? It is beyond my comprehension to think that the same attack could be used again after Targets staggering losses were reported. In my opinion, any CISO or equivalent entity would have taken steps to plug that gap. I should withhold further judgement until all details are known and confirmed; but I will take this as a point that we should learn from other's mistakes, as well as always keep patches up to date. *Edit It has since been reported that different malware was used in the Home Depot attack http://www.csoonline.com/article/2606380/data-protection/researcher-disputes-report-blackpos-used-in-home-depot-target-attacks.html