Home Depot’s security team knew of vulnerabilities in the retailer’s systems years before its massive breach and issued multiple warnings to no avail, according to a recent report by The New York Times that sourced anonymous former Home Depot cybersecurity employees.

Outdated software, including Symantec antivirus software from 2007, was used to protect the retailer’s systems, and it barely met industry standards for protecting customer data, the report said. One former team member felt concerned enough to warn friends to use cash whenever possible at Home Depot’s stores.

The company performed irregular vulnerability scans on only a dozen or so computers in certain stores, and former employees said more than a dozen systems that handled customer information were never assessed and couldn’t be accessed by security employees.