For the Obama administration, which came to office holding East Room events on cybersecurity and pressing Congress, for years, to pass legislation that would allow the private sector to share information with the government, what has happened at the Office of Personnel Management can only be described as a case study in bureaucratic lethargy and poor security practices.

In the most egregious case cited by the inspector general, outsiders entering the system were not subjected to “multifactor authentication” — the systems that, for example, require a code that is sent to a cellphone to be entered before giving access to a user. Asked about that in an interview, Donna Seymour, the chief information officer at the Office of Personnel Management, said that installing such gear in the government’s “antiquated environment” was difficult and very time consuming, and that her agency had to perform “triage” to determine how to close the worst vulnerabilities.

The agency now plans to install two-step authentication across its network, Ms. Seymour said. A longtime data security official, she also defended the decision to ignore the inspector general’s advice to shut down two systems that contain the security clearance information. Ms. Seymour said that the investigators were using an outdated assessment of the security measures — and that the agency was in the process of getting tighter controls when the intrusion happened. Another senior official said that with the agency under pressure to clear a huge backlog of security clearances, halting the process was “a nonstarter” with Congress.

During the installation of new security scanning software, officials said, they found evidence of the broad downloading of millions of files.

But administration officials said a lack of management focus on the problems contributed to the slow response — combined with a lack of focus on protecting systems that are not part of the national security infrastructure but that contain large amounts of data. And a number of administration officials in interviews on Friday painted a picture of Chinese adversaries who appear to be building huge databases of information on American citizens, useful for intelligence gathering and other purposes.

“They didn’t go to sell the data, which is what criminal groups usually do,” said James Lewis, an expert at the Center for Strategic and International Studies. “It’s biographic databases that really give an intelligence benefit — and that get into an opponent’s skin.” Such databases indicate where a government official was posted, and security clearance information would list their foreign contacts — useful if there was an effort to track down Chinese citizens in contact with Americans.