B****CKS
content should have been secured/encrypted regardless of the server platform used. The information, if classified, shouldn't be left in an open filing cabinet open to all. Maybe a defence contractor, but its not at all clear who's side they are working for!
Appears to be no configuration rather than a configuration mistake too.
They would be better off using dropbox by the sound of it - at least they don't have to give extra credentials to the NSA...