A new report by the State Department inspector general accuses Hillary Clinton of violating cyber security protocol and federal records laws as secretary of state.

The report indicates the State Department was “slow to recognize and to manage effectively the legal requirements and cyber security risks associated with electronic data communications.”

The audit stems from revelations that Clinton used an unsecured, private email server to conduct government business, which included the exchange of classified intelligence.  The FBI is leading an ongoing criminal investigation into whether Clinton mishandled classified information.

Did Clinton Put National Security At Risk?

About 2,100 of Clinton’s personal emails released by the State Department were found to contain classified information. 22 messages were considered “Top Secret,” meaning their content was deemed too critical to national security to be made public.

Evidence suggests Clinton’s private server was subject to cyber attacks.

The IG report indicates that in January 2011, a technical adviser not employed by the government told Clinton’s deputy chief of staff Huma Abedin that he had to shut down Clinton’s server, because he thought someone “was trying to hack us.”

Later that day, the adviser notified Abedin that “we were attacked again so I shut [the server] down for a few min.”

The following day, Abedin sent out a notice warning staffers to not email Clinton anything “sensitive.”

In May 2011, two members of Clinton’s immediate staff discussed via email that the secretary became worried someone was hacking into her email after receiving a message with a suspicious link. Hours later, Clinton received a suspicious email from the former undersecretary of state for political affairs.

According to the report, she replied to that email the next morning asking, “Is this really from you? I was worried about opening it!”

Department guidelines dictate that suspicions of cyber-security breaches must be reported to officials. The IG report found Clinton failed to do so. It also accused Clinton of violating the Federal Records Act by failing to provide work-related documents to the State Department before leaving office.

Was Material Stolen from Clinton’s Server?

In a recent interview with Fox News, a Romanian hacker known as Guccifer said he easily breached Clinton’s server in March 2013. He also said he downloaded several files from the system. Last Wednesday, he pleaded guilty in federal court to separate charges of identity theft and unauthorized access to protected computers.

Anonymous government officials cited by Fox News rejected Guccifier’s claims that he attacked Clinton’s server, but they admitted he was a skilled hacker who had accessed the accounts of more than 100 Americans including former Secretary of State Colin Powell.

Guccifer agreed to a plea deal in which he would cooperate with federal authorities. His hacking exposed the news that Clinton used a private email account for government business.

The Democratic presidential frontrunner, however, maintains her innocence. A recently updated Q&A section of her campaign’s website reads, “No. There is no evidence there was ever a breach.”

Did Clinton Lie?

Clinton says she did not knowingly send classified information via a private system because it was deemed classified after she had sent it.

Howard Krongard, a former inspector general appointed by George W. Bush, challenges that claim.

“I don’t understand it, because it was either classified by the creator or it was classified by reason of where it came from or what network it was on,” Krongard said in an exclusive interview with Fox News.

A non-disclosure agreement signed in January 2009 by Clinton suggests that she understands “classified material is marked or unmarked.”

The IG report seemed to contradict other statements made by Clinton.

She repeatedly said that her use of a private email account for government business was permissible and not unprecedented.

“What I did was allowed,” Clinton said in a September 2015 interview with the Associated Press. “It was allowed by the State Department.”

However, the IG report revealed that Clinton never sought or received permission to conduct official business via a personal email account or private server at her home. According to aides interviewed by the office of the inspector general, officials in charge of security “did not — and would not — approve” such a request.

Clinton tweaked her story as evidence was released.

“I thought it was allowed,” She told CNN last Thursday. “I knew past secretaries of state used personal email.”

While the report cited multiple instances of communications flaws throughout the State Department, Powell was the only other secretary of state found to have used a personal email account for work. However, he consulted with the State Department to secure the system. Clinton did not.

Unlike Powell and other predecessors, Clinton stored government material on a private server.

“Certainly to my knowledge at least, Secretary [Condoleezza] Rice did not have a personal server,” Krongard said.

“I would have been stunned had I been asked to send an email to her at a personal server, private address. I would have declined to do so on security grounds and if she had sent one to me, I probably would have started an investigation.”

There was no Senate-confirmed inspector general in place during Clinton’s tenure as secretary of state between 2009 and 2013.

“I would’ve been the most unpopular person in that building,” Krongard said. “They are the people who enforce the rules, and there was no one enforcing the rules during that time.”

Clinton has since admitted her use of a private email account and server was a “mistake” she made for her own “convenience.”

Before the report was released, Clinton declined a request for an interview from the office of the inspector general.

What’s Next for Clinton?

Clinton can’t be prosecuted based on the findings of the IG report, which was based on an administrative inquiry. However, the FBI continues investigating whether Clinton mishandled classified information.

Ellen Glasser, a retired FBI agent who has worked on similar cases, told PolitiFact.com that Clinton may face criminal charges.

“We don’t do these because we’re curious,” Glasser said. “There’s a potential that a criminal violation took place.”