OPM director resigns after unprecedented data breach

Katherine Archuleta stands down a day after scale of the massive breach was made clear

katherine archuleta

U.S. Office of Personnel Management (OPM) Director Katherine Archuleta rubs her eyes, as she testifies before a House Committee on Oversight and Government Reform hearing on the data breach of OPM computers, on Capitol Hill in Washington June 16, 2015.

Credit: REUTERS/Jonathan Ernst

The director of the U.S. Office of Personnel Management resigned on Friday, a day after her agency announced hackers had stolen information on 21.5 million current, former and prospective government employees and their families.

Katherine Archuleta said she had informed President Barack Obama of her plans to step down, and he had accepted her resignation.

"I conveyed to the President that I believe it is best for me to step aside and allow new leadership to step in, enabling the agency to move beyond the current challenges and allowing the employees at OPM to continue their important work," she said in an email to employees.

Archuleta had been at the agency for less than two years, joining in November 2013 at about the time the agency began an upgrade of its cyberdefenses. It was as part of that upgrade that it discovered two separate ongoing breaches that, investigators concluded, were unprecedented in their size and seriousness.

The larger of the two, which went on for months, saw hackers get away with Social Security numbers and other personal information on 19.7 million people who had undergone background checks, either as part of current federal government assignments or during the process of applying for jobs. An additional 1.8 million records on friends and family of those people, submitted as part of the security check process, were also stolen.

Also stolen was other information submitted as part of the background check process, including residency and educational history, employment history, information about immediate family and other personal and business acquaintances, and applicants' health, criminal and financial history. OPM said the most sensitive information on the financial and mental health history of applicants was stored in a different database that doesn't appear to have been compromised.

The intruders also got away with 1.1 million fingerprints.

A second, separate hack saw hackers steal information on 4.2 million government workers. Given the scale of the larger hack, which includes almost everyone who dealt with OPM since 2000, it's likely the majority of these 4.2 million people were thus hit twice.

Archuleta's position has been under pressure for weeks since the hack was divulged.

Her resignation might take some of the heat off the agency, but lawmakers will still want answers. On Thursday, two congressmen said they would begin pushing to have OPM's background check system removed from the agency to another part of the federal government.

Senator Mark Warner, a Virginia Democrat and a member of the Senate Select Committee on Intelligence, applauded Archuleta's move.

"This is the right move for the agency and all those affected by the breach," he said in a statement. "The focus now needs to be on fixing the problem and protecting those impacted."

Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is martyn_williams@idg.com

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.