OPM chief resigns after massive hack; Navy says fingerprints stolen

Then-Office of Personnel Management Director Katherine Archuleta appears at a Senate Homeland Security and Governmental Affairs Committee hearing on data breaches June 25, 2015, on Capitol Hill.


By JONATHAN S. LANDAY AND LESLEY CLARK | McClatchy Washington Bureau (TNS) | Published: July 10, 2015

WASHINGTON (Tribune News Service) –– The controversy over the computer breach of 21 million federal employment records ballooned Friday as the director of the government’s personnel office resigned and the Navy Department warned that pirated information included the fingerprints of more than 1 million people.

Office of Personnel Management Director Katherine Archuleta, who had resisted demands that she quit, submitted her resignation to President Barack Obama, who accepted it.

Late in the day, the Navy Department sent a notice to its more than 436,000 active and reserve personnel and more than 195,000 civilian employees warning them that the stolen information included “the findings of interviews conducted by background investigators and approximately 1.1 million included fingerprints.”

“Significant numbers of current, former, and prospective military members and government civilians, as well as contractors, have been affected,” said the notice, which added that advisories would be sent out in the coming weeks to Navy personnel affected by the hack.

The Navy Department “continues to assess the risks associated with these data breaches. It is prudent to assume that we are all affected by the compromise of this information,” it said.

The Navy statement was the most explicit warning so far of the seriousness of the breach, which, combined with a smaller but related hack of a database that was revealed last month, showed the vulnerabilities of government computers.

The Navy statement was likely to increase the fears that the pilfered personal data could be used to blackmail federal workers and contractors with top-secret clearances.

U.S. officials have said that the attacks on the OBM computer system appeared to have originated in China, although the investigation is expected to take some time to complete.

The pilfered data, which was not encrypted, included Social Security numbers, residency, health, employment and education histories and information on family members and friends. In the cases of 19.7 million people who had applied for security clearances, the data also included material on criminal records, drug use and love lives. Information on about 1.8 million non-applicants, mostly spouses or cohabitants of applicants, also was stolen.

Most of the background checks stolen by the hack took place in 2000 or later, but individuals who underwent checks before 2000 could also have been affected, the Navy said.

“It will … take years before the full security repercussions may be known, and the intelligence community is already taking steps to address any new vulnerabilities posed by the compromise of this data,” said Rep. Adam Schiff of California, the senior Democrat on the House Intelligence Committee.

White House spokesman Josh Earnest insisted that Archuleta had resigned “of her own volition.” He declined to say whether any of Obama’s personal data was swept up and who the administration suspects was responsible for the breach. He also refused to discuss what the administration believes the hackers intend to do with the stolen information.

“Obviously we want to make sure that those who may be affected by this breach get as much protection and support that we can offer them,” Earnest said.

“I conveyed to the president that I believe it is best for me to step aside and allow new leadership to step in, enabling the agency to move beyond the current challenges and allowing the employees at OPM to continue their important work,'” Archuleta said in a statement.

OPM will provide those affected with credit reporting and identity theft prevention services, and it is setting up a call center from which they could obtain advice, he said.

An administration official, who spoke on the condition of anonymity for lack of authorization to discuss the issue publicly, said “multiple attempts” had been made to contact all 4.2 million people affected by the first breach.

Of that number, more than 850,000 have enrolled to receive free 18-month subscriptions to identity protection services.

About 3.6 million people affected by the first breach also lost personal data in the second, bigger hack, he said.

Archuleta resigned a day after she disclosed the theft of the personal information of 21.5 million federal job applicants and current and past employees whose backgrounds her agency reviewed. At that time, she said she had no intention of submitting to calls for her to quit from lawmakers on both sides of the aisle.

Her disclosure of the breach followed the revelation last month of a separate but related theft of the Social Security numbers and other information of 4.2 million current and former federal workers that was stored in a database maintained at the Department of the Interior.

Word of Archuleta’s resignation was applauded by members of Congress who had been pushing for her departure, charging that she had ignored warnings from her agency’s own inspector general to implement protective upgrades to OPM’s computer systems.

“This is the absolute right call,” said Rep. Jason Chaffetz, R-Utah, chairman of the House Oversight and Government Reform Committee. “OPM needs a competent, technically savvy leader to manage the biggest cybersecurity crisis in this nation’s history.”

Republicans have sought to use the cyberattacks to accuse Obama of poor management, with former Florida Gov. Jeb Bush, a leading GOP presidential candidate, last month charging that if he had been president, Archuleta would have been fired.

The head of the country’s largest federal employees union, however, blamed the breaches on deep cost-cutting by Congress.

“Budget austerity has consequences and we are seeing one of them right now,” said J. David Cox Sr., national president of the American Federation of Government Employees. “OPM could and should have done a better job of cybersecurity with the resources they had. But going forward, I hope one lesson learned from these breaches is that when you refuse to fund the operations of government you will have hugely consequential failures.”

Archuleta will be replaced temporarily by Beth Colbert, a deputy director at the Office of Management and Budget, until a successor can be found.

©2015 McClatchy Washington Bureau. Distributed by Tribune Content Agency, LLC.

from around the web