Hillary Clinton disregarded State Department cybersecurity guidelines by using a private email account and server, an internal audit found Wednesday. Her staff twice brushed aside specific concerns that she wasn't following federal rules.
The inspector general's review also revealed that hacking attempts forced then-Secretary of State Clinton off email at one point in 2011, though she insists the personal server she used was never breached. Clinton and several of her senior staff declined to be interviewed for the State Department investigation.
Earlier this month, Clinton, the likely Democratic presidential nominee, stressed that she was happy to "talk to anybody, anytime" about the matter and would encourage her staff to do the same.
The 78-page analysis, a copy of which was obtained by The Associated Press, says Clinton ignored clear directives. She never sought approval to conduct government business over private email, and never demonstrated the server or the Blackberry she used while in office "met minimum information security requirements."
Twice in 2010, information management staff at the State Department raised concerns that Clinton's email practices failed to meet federal records-keeping requirements. The staff's director responded that Clinton's personal email system had been reviewed and approved by legal staff, "and that the matter was not to be discussed any further."
The audit found no evidence of a legal staff review or approval. It said any such request would have been denied by senior information officers because of security risks.
The inspector general's inquiry was prompted by revelations of Clinton's email use, a subject that has dogged her presidential campaign.
Clinton campaign spokesman Brian Fallon said in a tweet that the audit "makes clear her personal email use was not unique at State Department."
The review encompassed the email and information practices of the past five secretaries of state, finding them "slow to recognize and to manage effectively the legal requirements and cybersecurity risks associated with electronic data communications, particularly as those risks pertain to its most senior leadership."