Katherine Archuleta steps down after sensitive information of an estimated 21.5 million federal employees stolen in cyber-attack by suspected Chinese hackers

This article is more than 5 years old

A government hacking scandal that compromised the personal information of an estimated 21.5 million Americans claimed its first big political casualty, in the shape of Katherine Archuleta, the director of the Office of Personnel Management (OPM).




According to administration officials, Barack Obama accepted Archuleta’s resignation the day after it was revealed that two separate data breaches had potentially affected many more records than previously revealed.

“[She] made clear to the president that she believed it was best for her to step aside and allow new leadership that would enable the agency to move beyond the current challenges,” said one White House official.

“This includes responding to the recent breaches affecting personal information and improving the OPM systems to mitigate risks in the future.”

Archuleta will be replaced on an acting basis by Beth Cobert, currently deputy director of the Office of Management and Budget, and a former senior partner at McKinsey.

On Thursday it was revealed that the breach of OPM security clearance records by suspected Chinese hackers had exposed social security records and other personal information on up to 19.7 million applicants for government jobs as well as 1.8 million relatives.

This followed a separate breach thought to have compromised personal information relating to 4.2 million current and former federal workers. It is not clear how many of the individuals overlap with the latest breach.

The White House said it was reviewing ways to tighten data security in future, including requiring two-factor authentication for passwords, limiting the number of privileged users, limiting their capability and maintaining logs of their activities.

A permanent new director for the department will now be sought, although officials stress that Cobert’s experience at McKinsey puts her in a strong position to begin the necessary reforms.

“The urgent challenges facing the OPM require a manager with a specialised set of skills,” said White House spokesman Josh Earnest. “It is critical to their mission to safeguard their computer records and to safeguard their data.”

As recently as Thursday, Archuleta was insisting she would not resign, but the rising scale of the crisis has prompted fierce criticism from lawmakers on Capitol Hill.

“It is only in the last couple of days that those responsible for the investigation reached a final conclusion about the scope of the intrusion,” said Earnest.

“What the president thinks is it’s quite clear that new leadership with a set of skills and experiences that are unique to the challenges that OPM faces are urgently needed.”

Republicans were scathing in their response to the scandal.

“While leadership certainly matters, the resignation of the OPM director does not reduce the damage caused by this data breach,” said senator Jerry Moran, chairman of the Senate commerce subcommittee for consumer protection and data security.

“The 22 million Americans who have had their personal privacy violated and sensitive information stolen by hackers continue to wait for answers from OPM and the administration. We need to know the true scope of the OPM data breach, how this happened, what is being done to protect the victims from criminal activity, and what steps are being taken not only at OPM – but across all federal government agencies – to make certain we are safeguarded from future cyber-attacks.”



But some Democrats were more sympathetic.

“Today’s move by the administration to change leadership at OPM is the right decision, and one that will help to restore confidence in an agency that not only poorly defended sensitive data of millions of Americans but struggled to respond to repeated intrusions,” said Adam Schiff, ranking member of the House permanent select committee on intelligence.

“This change in leadership is also an acknowledgement that we cannot simply place blame on the hackers, but need to take responsibility for the protection of personal information that is so obvious a target.”