Menu
Menu
OPM director resigns after unprecedented data breach

OPM director resigns after unprecedented data breach

Katherine Archuleta stands down a day after scale of the massive breach was made clear

Katherine Archuleta, director of the U.S. Office of Personnel Management, testifies about recent data breaches during a Senate hearing June 25, 2015.

Katherine Archuleta, director of the U.S. Office of Personnel Management, testifies about recent data breaches during a Senate hearing June 25, 2015.

The director of the U.S. Office of Personnel Management resigned on Friday, a day after her agency announced hackers had stolen information on 21.5 million current, former and prospective government employees and their families.

Katherine Archuleta said she had informed President Barack Obama of her plans to step down, and he had accepted her resignation.

"I conveyed to the President that I believe it is best for me to step aside and allow new leadership to step in, enabling the agency to move beyond the current challenges and allowing the employees at OPM to continue their important work," she said in an email to employees.

Archuleta had been at the agency for less than two years, joining in November 2013 at about the time the agency began an upgrade of its cyberdefenses. It was as part of that upgrade that it discovered two separate ongoing breaches that, investigators concluded, were unprecedented in their size and seriousness.

The larger of the two, which went on for months, saw hackers get away with Social Security numbers and other personal information on 19.7 million people who had undergone background checks, either as part of current federal government assignments or during the process of applying for jobs. An additional 1.8 million records on friends and family of those people, submitted as part of the security check process, were also stolen.

Also stolen was other information submitted as part of the background check process, including residency and educational history, employment history, information about immediate family and other personal and business acquaintances, and applicants' health, criminal and financial history. OPM said the most sensitive information on the financial and mental health history of applicants was stored in a different database that doesn't appear to have been compromised.

The intruders also got away with 1.1 million fingerprints.

A second, separate hack saw hackers steal information on 4.2 million government workers. Given the scale of the larger hack, which includes almost everyone who dealt with OPM since 2000, it's likely the majority of these 4.2 million people were thus hit twice.

Archuleta's position has been under pressure for weeks since the hack was divulged.

Her resignation might take some of the heat off the agency, but lawmakers will still want answers. On Thursday, two congressmen said they would begin pushing to have OPM's background check system removed from the agency to another part of the federal government.

Senator Mark Warner, a Virginia Democrat and a member of the Senate Select Committee on Intelligence, applauded Archuleta's move.

"This is the right move for the agency and all those affected by the breach," he said in a statement. "The focus now needs to be on fixing the problem and protecting those impacted."

Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is martyn_williams@idg.com

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the CIO newsletter!

Error: Please check your email address.

Tags business issuesintrusionpersonnelGovernment use of ITU.S. Office of Personnel ManagementKatherine Archuletasecuritygovernment

More about IDGNewsTwitter

Show Comments
Computerworld
ARN
Techworld
CMO