OK, now the Department of Energy is having "difficulties" with data security. A "red team" (a security testing group, sometimes called penetration testers or pen testers) was testing DOE security last fall when they discovered a previous hack in which employee records of 1502 contract employees of the DOE were stolen by a hacker from an unclassified computer system.
This one sounds, at least in part, like a technical security problem, though there are certainly organizational issues here as well. It is strange that the DOE knew about the breach for some months but did not undertake an effort to notify all the affected employees until recently. Neither the DOE Secretary nor his deputy was informed about the breach until recently. A little communication problem, perhaps?
In our research we found that IT departments and IT security groups often had difficulty getting and holding the attention of upper management because there was no high-level executive involved in information security. Large companies without VP-level representation of the security function have to work extra hard to make sure that distress messages from down below are actually bubbling to the top in a timely way.