U.S. senators said they doubt the government’s personnel office understands the breadth of a computer hack that exposed the records of more than 4 million federal workers, or that the agency can stop another breach.
Katherine Archuleta, the director of the Office of Personnel Management, the government’s human-resources agency, was among officials providing a classified briefing to senators Tuesday, ahead of a public hearing Wednesday.
“OPM is having a difficult time completing its forensics work to determine exactly” how many people were affected, Senator Susan Collins, a Maine Republican, said after the briefing. “I would wager that in the end it’s going to be significantly more than the 4.2 million.”
OPM has taken 23 steps, including installing more firewalls and mandating cybersecurity training, to shore up its networks since Archuleta became director, the agency said in a report released Wednesday. Going forward, OPM will hire a new cybersecurity adviser and consider encrypting more data to guard against hackers, the report said.
Federal officials familiar with the breach first announced June 4 have said that hackers connected to the Chinese government are believed to be responsible, but the Obama administration has declined to publicly blame any nation. The hack, in which intruders gained access to forms recording personal information about people who apply for security clearances, is one of the largest and most serious in the government’s history.
“If there’s a smoking gun, it appears to be held in the arms of our Chinese friends,” Senator Tom Carper, a Delaware Democrat, said after the briefing.
Among the employees whose records may have been accessed are U.S. senators, Collins said. She said she and at least three colleagues she declined to name had received letters from OPM warning that their personal data were compromised.
Collins said she followed the agency’s instructions and signed up online for identity theft and credit monitoring.
“It’s like, ’Boy, I hope they bothered to encrypt this one,’” she said. “I don’t know whether I’ve added to my problem or whether I’ve solved it.”
Senators exiting the meeting declined to assign blame to Archuleta or other federal officials for the hack. Stephanie O’Sullivan, principal deputy director of national intelligence, and Jeh Johnson, the secretary of the Department of Homeland Security, also briefed the senators.
Former Florida governor Jeb Bush, a Republican presidential candidate, said Tuesday on Twitter that he would have fired Archuleta. The breach wasn’t discovered for months after hackers first gained access to OPM data.
Senator Barbara Mikulski, a Maryland Democrat, said after the briefing she didn’t believe Archuleta should be asked to resign.
Senator Dianne Feinstein of California, the top Democrat on the Intelligence Committee, said earlier on Tuesday that the hack underscores the need for legislation to boost the government’s online defenses.
“My concern is to get cybersecurity legislation through,” Feinstein said, adding that she was “hopeful” the Senate could consider such a measure following next week’s July 4 break.