Again, nothing big surprise. I'm sure many of us expecting that silly hacking stunt coming. Either the website security never update or check or even scan for suspected virus and malware in the server by the IT. Although I have no right making such baseless claim in this post, but I do believe the Governments' employee's PCs or servers may largely infected.
I know because I encounter (few) Governments employees pen drive contains virus when transferring presentation data into our office PC. Even the burn CDR data I discover were all fake with infected files after the people complains to me why it can't open and the AV annoy message keep popping up blocking it.
You may say probably our office PCs were infected, sorry that ain't going to happen under my watch. My practices always disabling the autorun, installed good USB Guardian and AV program including latest Window updates keeping the system virus free as long as possible. Yes, it takes longer time to do and get complains by users for being slow delivering on time. Sometimes it worth the risk when you are monitoring over 240 PCs alone in the headquarter. Do note I haven't includes the CCTV, site office PCs and other system just yet because it stressful thinking about it.
Microsoft Windows is the only OS easily target by every hackers in the world. Without doubt majority of the Government system were mainly running Windows today. If the IT staffs didn't take good care updating the security patches, deploying good anti-virus programs and controlling daily use of USB storage’s. You already know what will happen next.