This report is a certainly a cautionary tale about what happens when managers ignore advice and/or choose to underinvest.
But this report is also remarkable for another reason. It's something that you'll rarely see in the private sector. In fact, government agencies deserve more credit than they get for 1) maintaining inspectors on staff to investigate operating problems; and 2) for releasing the messy findings when they occur, as DOE's inspector general has -- and other agency inspectors general do on a regular basis.
It's not a lot of consolation for those whose private information was compromised. But take a moment to ponder: You don't see a report like this explaining why an Amazon's regional cloud center went down or when a credit card processing company gets hacked.
Now lets hope DOE and other federal agencies learn from their mistakes.