When a hacker released the contact information of 9,000 DHS employees, it was the result of several awareness failings. The reality is that these are failed awareness programs that are typical of industry as a whole.
Summarizing the attack, apparently a criminal compromised the user id and password of a random Department of Justice employee, reportedly through a spearphishing attack.