Why are there still security breaches in the retail industry?

Home Depot information security issue:

Not more than 6 years ago there was the biggest credit card compromised incident ever seen. It affected almost 56 million people. Home Depot was not the only victim, but it was the biggest incident in the history of cybercrime and security breach at that time. The attackers gain access to the third-party vendors log on credentials and get into the Home depot corporate environment through that. They used memory scrapping malware that is used to scan the memory of digital devices to get personal information. This malware successfully captures credit card details of 56 million customers and emails of 52 million customers. These can be used for phishing on a large scale. The reason for all this was home depot POS terminal did not securely configure both as hardware and software. There was no proper network surveillance. But Home Depot did have the SEP as a proper Antivirus. but the only problem was that they did not have proper network threat protection. The point to point encryption was also missing by which the credit card data encrypted. as soon as the customer swipes the card. The operating system that was being used was also not secured. They were using Windows XP sp3 which is really inviting for the attacks and malware. But how did the attacker get into the vendor's logon this is also an issue but if you look into it more deeply you will know that there was no proper potential threat and vulnerability policy in that retail chain. They should have learned from the security breach of the target in 2013 just a year before the incident. Now, this issue has also been resolved by using the technology of NFC like Apple Pay and Google Pay. But of course, there was a huge amount that was paid by the home depot as compensation and a penalty to be careful in future.