Hillary Clinton’s campaign chairman, John Podesta, reportedly clicked on a phishing email that led to the theft of tens of thousands of emails after an aide mistakenly wrote to him that it was a “legitimate”—rather than “illegitimate”—message.

That error has haunted Clinton campaign aide Charles Delavan ever since, the New York Times reported Tuesday in a lengthy look at the Russian-directed hacks of Democratic organizations and operatives.

In recent days, unnamed intelligence officials have told several media outlets that the thefts of emails from the Democratic National Committee, Podesta and others were directed by the Russian government with the express goal of aiding Donald Trump’s candidacy (the FBI reportedly disagrees and believes the Russian government merely sought to sow doubt about the legitimacy of the electoral process).

The Times’ investigation found the attacks were exacerbated by costly mistakes on the part of the Clinton campaign, DNC and FBI.

For example, the report states a tech support contractor at the DNC, Yared Tamene, performed only cursory searches for signs of a hack after being initially contacted by FBI special agent Adrian Hawkins in Sept. 2015 with a warning that the DNC’s servers had been compromised. Despite several more calls in following weeks, Tamene didn’t intensify his efforts.

“I had no way of differentiating the call I just received from a prank call,” Tamene wrote in an internal memo obtained by the Times, referring to Hawkins. “I did not return his calls, as I had nothing to report.”

Hawkins never emailed Tamene out of fear the hackers would know they were being tracked, according to the report. Both Tamene and the FBI declined to comment to the Times for its story.

Tamene’s memo reveals he installed a “robust set of monitoring tools” in April, months after being initially notified of the hacking threat. Then on the eve of the White House Correspondents dinner, Amy Dacey, then chief executive of the DNC, was finally alerted to an unauthorized person with administrator-level clearance in the DNC’s system.

The DNC then hired CrowdStrike to quietly rebuild its system from scratch and search for foreign intruders. Within a day, the firm had identified the breach as originating in Russia. It further attributed the hack to two groups, “Cozy Bear,” or “the Dukes,” a group which Hawkins had asked Tamene to monitor in his original September phone call, and “Fancy Bear,” which first infiltrated Democratic Congressional Campaign Committee computers in March and then moved on to the DNC.

By then, it was too late.

This post has been updated.