Interesting story to share here, thanks. Besides spear phishing (targeted) email scams to people who work at such companies there are other ways websites are exploited, big and small.
Another major component is hacking websites which run various outdated software. Common examples of outdated software include Wordpress (blogging software), ecommerce, message board or admin control panel software. Website owners often do not keep their websites up to date and thus many of them eventually get hacked.
There are many other reasons why websites get hacked, but programs that are not patched and kept up to date are often vulnerable, just as they are on home PCs that are used to go online.