The Parliamentary ombudsman has panned the running of the Individual Learning Accounts (ILA) scheme, criticising the poor security revealed exclusively by vnunet.com last year.
The government scheme was a popular way of gaining basic IT skills, but proved wide open to fraud by bogus training agencies.
Investigations by vnunet.com uncovered naïve security systems, which allowed fraudsters to clean out supposedly secure accounts simply by changing the last digit of a known account number.
The Public Accounts Committee estimated that as much as £97m may have been siphoned off in this way.
Ombudsman Ann Abraham said that the Department for Education and Skills (DfES) was "guilty of serious maladministration" for delivering a programme open to misuse and fraud.
The DfES said in a statement: "The delivery of ILAs fell a long way short of the standards that the public has a right to expect. It was unacceptable."
IT services group Capita, which was contracted to build the ILA system, blamed the decision to allow unaccredited training firms to access accounts.
"The system was designed for a closed community of learning providers. Without prior accreditation all users were placed in a position of trust," said Jonathan Hawker, external relations advisor at Capita.
Abraham concluded that trainees and training providers could be reimbursed for losses, but rejected calls for a national compensation scheme for training agencies.
Dr Kuan Hon criticises GDPR consent emails that will only eviscerate marketing databases and 'media misinformation'
Apple squashes Steam Link app on 'business conflicts' grounds
Philip Hammond wants to forget rules that the UK agreed with the EU to ban non-European companies from the satellites
Instapaper to 'go dark' in Europe until it can work out GDPR compliance