If anyone should be aware how insecure the web is then it's the US government agencies. So when they place sensitive information on servers connected to the internet then they are asking to be hacked.
They can't blame any hacker, the agencies themselves should be held accountable for this.