The U.S. government’s human resources director resigned Friday, a day after disclosing that hackers stole personal data for more than 22 million people from her agency in one of the worst security breaches in history.
Katherine Archuleta, director of the Office of Personnel Management, stepped down after several lawmakers in both parties complained that she had failed to install appropriate safeguards for the government’s records and did not quickly detect or address the breach.
President Barack Obama, who appointed Archuleta in 2013, accepted the resignation as his administration pledged to step up its cybersecurity efforts and help the 22.1 million people whose data was stolen.
“Today I informed the OPM workforce that I am stepping down as the leader of this remarkable agency and the remarkable people who work for it,” Archuleta said in a statement. “I conveyed to the President that I believe it is best for me to step aside and allow new leadership to step in, enabling the agency to move beyond the current challenges and allowing the employees at OPM to continue their important work.”
The acting OPM director will be Beth Cobert, who is currently the U.S. chief performance officer and deputy director for management at the Office of Management and Budget, according to the White House.
Archuleta’s agency disclosed the full scope of the breach for the first time on Thursday. Hackers accessed Social Security numbers, fingerprints, contact information, and user names and passwords of federal employees, contractors and their spouses dating back more than a decade.
Obama believes that someone with specialized skills to deal with “urgent” challenges at the agency is “badly needed,” White House spokesman Josh Earnest told reporters on Friday.
“The president is determined to ensure that all of his leaders of government agencies need to understand that this is a priority,” Earnest said.
Republican and Democratic lawmakers alike said resigning was the right move.
“This is the absolute right call,” Representative Jason Chaffetz, a Utah Republican and chairman of the House Oversight and Government Reform Committee, said in a statement. “OPM needs a competent, technically savvy leader to manage the biggest cybersecurity crisis in this nation’s history.”
The leadership change shows that it isn’t enough to blame hackers and that officials must be held responsible for breaches, said Representative Adam Schiff of California, the top Democrat on the House intelligence committee.
“It will also take years before the full security repercussions may be known, and the intelligence community is already taking steps to address any new vulnerabilities posed by the compromise of this data,” Schiff said.
Others who called for Archuleta to resign included House Speaker John Boehner, Republican Majority Leader Kevin McCarthy of California and Majority Whip Steve Scalise of Louisiana. In the Senate, Democrat Mark Warner of Virginia and Republican John McCain of Arizona said she should be replaced.
House Republican leaders said in a statement that the departure “does not in any way absolve the president of the responsibility to repair this damage to our national security.”
Archuleta told reporters on Thursday that she had no plans to resign and was working to improve cybersecurity at the department and provide credit-monitoring services to those affected by the hack.
“When I took office in late 2013 one of my priorities was to upgrade OPM’s antiquated legacy system,” she said. “It is because of the efforts of OPM and its staff that we’ve been able to identify the breaches.”
Obama administration officials have defended Archuleta since the breach was disclosed last month, crediting her office with unearthing the intrusion during a project to upgrade security on government networks.
“Over the last year, as director Archuleta noted, OPM has been aggressively improving its security,” Andy Ozment, assistant secretary of the Office of Cybersecurity and Communications at the Department of Homeland Security, told reporters on Thursday. “OPM caught an intrusion because of the tools that it had rolled out.”
The Chinese government is a top suspect in the attack, according to Director of National Intelligence James Clapper, some lawmakers and cybersecurity companies that conduct forensics investigations.
In two separate intrusions, the hackers gained access to U.S. government records for almost a year beginning last May, Ozment said. Most of the records relate to people who had applied for a background investigation, the personnel agency said.
OPM said it would provide free credit monitoring for people whose data was stolen. Along with other federal agencies, it is taking several steps to upgrade and defend its network, Archuleta said.
A government-wide 30-day review of cybersecurity efforts will wrap up later this month.