The compromised agency was running outdated versions of the software, indicating the need for federal agencies to prioritize cybersecurity measures such as event logging and timely remediation.