Rarely do I see people who actually do incident response or operational information security work dunking on organizations for getting breached. Perhaps they understand something the bandwagoners do not.

When you have limited information, probably not a good idea to throw shade. When you have inside information that security was purposely put on the back burner to pursue near term profit, then it does make sense. Obviously that isn't the case with this recent breach.