Published: 2007-07-12
A lack of adequate protections on file servers run by government agencies and military subcontractors allowed reporters for the Associated Press to download sensitive military and technical files from computers that should not have allowed public access, the news service reported on Thursday.
The files included information that could have allowed hackers access to Department of Defense computer systems, maps of military facilities in Iraq, descriptions of the security features at some of the facilities, and plans for infrastructure improvement at bases in the Middle East, the AP reported. The files were hosted on anonymous FTP (File Transfer Protocol) servers with no password protection or, in one case, with a password that was included in another file on the server.
At least one subcontractor told the Associated Press that the files were secure because they were on servers not indexed by search engines.
While cybersecurity has been an afterthought in much of the Beltway, lawmakers have begun to focus on the poor security of federal systems following the loss of a laptop holding the personal information of 26.5 million veterans and the revelation that attacks from China and other countries have targeted government systems. In March, eight of 24 federal agencies got a failing grade for the security of their systems, according to a report required by the Federal Information Security Management Act (FISMA).
Following the inquiry by the Associated Press, the Army Corps of Engineers requested that its contractors immediately protect the files with at least a password, and other agencies have either removed their FTP sites from the Internet, added password protection or pledged to take steps to secure the documents, the AP reported.
The Associated Press stated that its reporters deleted all the documents found during its investigation.
Posted by: Robert Lemos
