OPM Director Resigns After 21.5 Million Social Security Numbers Stolen In Data Breach
Katherine Archuleta, director of the Office of Personnel Management (OPM), handed her resignation to President Obama after the data of 21.5 million people was compromised in the largest data breach in the U.S. government’s history. The leaked information contained social security numbers, fingerprints, login credentials and background investigation records.
According to Josh Earnest, the White House press secretary, she offered her resignation “of her own volition.” Archuleta realized that the agency “required a manager with a set of specialized skills and experiences.” In other words, someone with much more experience in security and cryptography.
At an earlier House hearing on the OPM hack, many committee members thought Ms. Archuleta should be fired for allowing such a devastating attack to happen under her watch and for not properly protecting the sensitive information of millions of federal employees.
The Inspector General has been warning the OPM for many years that its security measures weren’t strong enough, but his recommendations to enable two-factor authentication and database encryption, for instance, were not followed. Even after the attack, director Archuleta didn’t seem in a hurry to collaborate with the Inspector General on this.
The new acting director of OPM will be Beth Cobert, who was up until now the U.S. chief performance officer and deputy director for management at the Office of Management and Budget. OBM is the same agency that a few weeks ago published new security policies, which required all federal websites to adopt HTTPS encryption by the end of 2016.
In the earlier House hearings, many believed that Donna Seymour, the Chief Information Officer of OPM, was at least as responsible, if not more so, as Katherine Archuleta, the agency’s director. That’s because Donna Seymour was the person specifically in charge of the security of the OPM. However, the White House hasn’t called for her resignation, so far. It’s possible, though, that with a new director in charge, the CIO could be replaced soon as well.
source : tomshardware.co.uk