Federal Personnel Office Director Katherine Archuleta Resigns Following Massive Government Data Breach

The OPM chief was formerly the National Political Director on Obama's 2012 campaign.

That didn't take long. 

Office of Personnel Management (OPM) Director Katherine Archuleta, who previously served as the National Political Director on President Obama's 2012 campaign, tendered her resignation today.

The move follows yesterday's revelation by OPM that a massive cybersecurity breach had exposed sensitive personal information, including Social Security numbers, for more than 21.5 million people to Chinese hackers. (There's been no formal accusation, but virtually everyone believes that China is the culprit.) Pretty much anyone who went through the federal government's background check since 2000, as well as about 1.8 million family members, was swept up in the breach.

It was the second major breach in recent weeks; last month, OPM admitted that, in a related incident, hackers had stolen confidential records for more than 4 million federal employees, including details of their sex lives, gambling habits, and personal debts. 

Following news of the earlier breach, President Obama had publicly expressed confidence in her abilities.

The New York Times reports that Archuleta went to the White House to submit her resignation this morning:

Ms. Archuleta went to the White House on Friday morning to personally inform Mr. Obama of her decision, saying that she felt new leadership was needed at the federal personnel agency to enable it to "move beyond the current challenges," the official said. The president accepted her resignation.

Beth Cobert, the deputy director of management at the Office of Management and Budget, will step in to temporarily replace Ms. Archuleta while a permanent replacement is found.

Before Archuleta leaves, however, she wants everyone to know how proud she is of OPM's IT Strategic Plan.

OPM announced yesterday that it would offer three years of identity monitoring to anyone affected by the larger hack, but as National Journal reported, it has so far not found a contractor to do so.

Much of the hacked information is pretty much the exact personnel data that would be worst to allow into the hands of foreign governments. As Kim Zetter notes in Wired, the background investigations database that was compromised contained…

…a wealth of sensitive data not only about workers seeking security clearance, but also about their friends, spouses and other family members.

The 127-page SF-86 forms include financial information, detailed employment histories—with reasons for past terminations included—as well as psychological records. They can also include potentially sensitive information about the applicant's interactions with foreign nationals—information that could be used against those nationals in their own country.

Federal background checks are meant to suss out information that might be used by foreign enemies to blackmail a government staffer into turning over classified information. Diplomats and other workers with access to classified information are required—depending on their job—to provide a list of foreign contacts.

IT security is, of course, complicated, and Archuleta had no real background in cybersecurity. But there are some steps that should be obvious. For example, maybe in the future, OPM should try to avoid giving root access to databases like this to outside contractors that employ systems administrators who are physically located in China.