OPM director resigns following largest hack in U.S. government history

The largest hack in U.S. government history has claimed another victim.

Office of Personnel Management (OPM) Director Katherine Archuleta resigned on Friday, the Daily Dot has confirmed. Her departure follows bipartisan pressure from Congress and outside observers.

“This morning, I offered, and the president accepted, my resignation as the Director of the Office of Personnel Management,” Archuleta said in a statement emailed to the Daily Dot. “I conveyed to the president that I believe it is best for me to step aside and allow new leadership to step in, enabling the agency to move beyond the current challenges and allowing the employees at OPM to continue their important work.”

The OPM hack exposed the records of over 25 million federal employees as well as their family members and others who were targeted for background checks by the federal government. About 21.5 million Social Security numbers were stolen, and hackers compromised over 1 million fingerprint records as well.

Archuleta initially resisted calls to resign for over a month due to years of criticism over the agency’s lackluster cybersecurity. On Thursday, Archuleta said she was “committed to the work that I am doing at OPM.” She led the agency since November 2013.

The deputy director of the Office of Managemt and Budget, Beth Cobert, will replace Archuleta, the New York Times reports.

Rep. Jason Chaffetz (R-Utah) has been exceptionally critical of the OPM director, calling for her resignation weeks ago during early congressional hearings.

“This is the absolute right call,” Chaffetz said in a statement emailed to the Daily Dot. “OPM needs a competent, technically savvy leader to manage the biggest cybersecurity crisis in this nation’s history. The IG [Inspector General] has been warning about security lapses at OPM for almost a decade. This should have been addressed much, much sooner but I appreciate the President doing what’s best now. In the future, positions of this magnitude should be awarded on merit and not out of patronage to political operatives.”

Others from Congress have praised Archuleta’s departure as well.

“Today’s move by the administration to change leadership at OPM is the right decision, and one that will help to restore confidence in an agency that not only poorly defended sensitive data of millions of Americans but struggled to respond to repeated intrusions,” Rep. Adam Schiff (D-Calif.), the Ranking Member of the House Permanent Select Committee on Intelligence, said in a statement. “This change in leadership is also an acknowledgement that we cannot simply place blame on the hackers, but need to take responsibility for the protection of personal information that is so obvious a target.”

FBI Director James Comey called the OPM breach “enormous” at a Senate hearing on Wednesday. And federal employees hit OPM with a $1 billion class-action lawsuit for negligence leading to the hack.

The hack was first discovered in April but had been ongoing for at least a year prior. 

“In the weeks and months ahead, it is clear that much more work will be needed to safeguard our networks, especially those which hold the most sensitive details about Government employees, many of whom are entrusted with critical national security missions,” Schiff added. “It will also take years before the full security repercussions may be known, and the intelligence community is already taking steps to address any new vulnerabilities posed by the compromise of this data.”

On Thursday, the White House released a roadmap to improve federal cybersecurity through this year.

H/T Jim Acosta | Photo via U.S. Department of Education/Flickr (CC BY 2.0)

Patrick Howell O'Neill

Patrick Howell O'Neill

Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.