When a site tells you "your new password can't be the same as your old password," they're supposed to be comparing hashed values, not storing your actual password in plaintext. If they know what your old password was, they've already failed Security 101.
The fact that a Fortune 500 company did this is like finding out your bank keeps everyone's money in a shoebox under the receptionist's desk. Ten years in tech and I'm still amazed at how many multi-billion dollar companies can't figure out basic password security.