Re: Security warnings?
It most likely wouldn't have made any difference what AV vendor they were using or how recently it was updated. Traditional signature-based AV would probably not have known anything about the malware variant used against Home Depot. I don't think the AV not being updated has anything to do with the breach except that the fact it wasn't being updated and the weak passwords give an indication of the security posture of the company and the state of the security program in general. The lawyers will argue that if you are not doing the basics, then you are not dong your due diligence and putting in place accepted industry-standard measures to adequately protect customer's data.