We’ve known for months that Hillary Clinton’s use of private email for official business was a security nightmare. Now we’re starting to learn a little bit about how that nightmare unfolded. Hackers from at least three countries targeted her servers after she left office in 2013.

This shouldn’t be a surprise, although it is pretty disconcerting. A congressional document obtained by the Associated Press says that Clinton’s servers were the subject of attacks from China, South Korea, and Germany. This detail from the AP report is pretty bad:

While the attempts were apparently blocked by a “threat monitoring” product that Clinton’s employees connected to her network in October 2013, there was a period of more than three months from June to October 2013 when that protection had not been installed, according to a letter from Republican senator Ron Johnson, chairman of the homeland security and government affairs committee. That means her server was possibly vulnerable to cyber-attacks during that time.