In Resignation Statement, OPM Director Lauds Hacked Agency’s IT Plan

Congressional overseers say outgoing personnel chief ignored IG warnings, failed to implement security measures

Katherine Archuleta
Katherine Archuleta / AP

After resigning from her position as director of the Office of Personnel Management on Friday in the wake of the largest government data breach in U.S. history, Katherine Archuleta said she was particularly proud of the agency’s strategic information security plan.

"We have accomplished much together, in particular, I’m proud of the work we have done to develop the REDI initiative and our IT Strategic Plan," Archuleta said. "Both of these efforts have transformed our ability to serve our customer agencies and ensure that the Federal Government is able to attract, hire, engage, and develop an talented and diverse federal workforce."

The agency’s strategic information technology plan places significant emphasis on IT security.

The plan "will ensure we protect the identity and privacy of our citizens and employees by implementing and actively monitoring standard security controls in our IT systems that effectively protect the large volume of sensitive personal data collected and stored by OPM IT systems," the agency said last year.

As part of the plan, it pledged to "improve information security to continue to protect the data, and therefore identities, of Federal employees and their beneficiaries, as well as applicants to federal positions, just as they expect and deserve."

OPM now estimates that as many as 22 million Americans have been affected by the suspected Chinese government-sponsored hacking of confidential security clearance documentation handled by the agency.

That tally is more than five times as large as OPM’s initial estimation of individuals affected by the breach. Federal authorities say the hackers obtained millions of Social Security numbers, biometric identifications, and other confidential information.

According to Rep. Mark Meadows (R., N.C.), who chairs the House Oversight Committee’s panel on government operations, the breach was a direct result of Archuleta’s failure to implement key IT security measures.

"OPM failed to implement even the most basic cyber-security protocols, including encrypting sensitive information," he said in a statement. "This was a colossal failing by the director and the chief information officer that will have security implications for decades to come."

Meadows, Oversight chairman Jason Chaffetz (R., Utah), Speaker John Boehner (R., Ohio), and other prominent members of Congress had called on Archuleta to resign.

Archuleta was initially defiant, saying as late as Thursday evening that she had no plans to resign her position. The White House said it had full confidence in her ability to lead the agency.

Archuleta announced her resignation early Friday afternoon.

"I conveyed to the president that I believe it is best for me to step aside and allow new leadership to step in, enabling the agency to move beyond the current challenges and allowing the employees at OPM to continue their important work," Archuleta said.

The OPM chief came under intense fire from members of Congress and other public officials as the full scale of the data breach became known.

Chaffetz grilled Archuleta last month on prior warnings from OMP’s inspector general that its IT systems were not secure.

He reiterated that point in a statement on Archuleta’s resignation, noting the IG’s prior warnings. "This should have been addressed much, much sooner but I appreciate the president doing what’s best now," he said.

"In the future, positions of this magnitude should be awarded on merit and not out of patronage to political operatives," Chaffetz added, referring to Archuleta’s prior position as the national political director of President Obama’s 2012 reelection campaign.