Five minutes? I worked there for more than five years and I am still amazed at the ineptitude and laziness I encountered there. Some individuals took their jobs seriously, but the whole work environment was all about who's dick you were sucking and trying to be groomed for promotion into a job where you did nothing and got paid a lot.
Oh, we need to do stuff about security like protecting passwords or credit card data? Meh, spend five minutes on it until the next customer complains then move on. If you don't have enough time to fix a problem, we'll just dump it in the customer's lap and tell them to take a hike because we already completed the contract and cashed their check per SOX requirements.
This breach and its ramifications do not surprise me one bit. I would be extremely surprised if this was the first breach, and we just did not know about previous ones. That happens when you fire half of MIS, slash their budget, and burden them with arbitrary, nonsensical constraints that prevent them from doing their jobs.