OPM Director Katherine Archuleta Resigns After Massive Personnel Data Breach Including 5.6 Million Fingerprints
Security-clearance details were also compromised. Because of this, secret agents were no longer safe! OPM Director Katherine Archuleta Resigns After Massive Personnel Data Breach Including 5.6 Million Fingerprints
Office of Management and Budget’s Beth Cobert will take over as acting director effective Saturday.
WASHINGTON—Katherine Archuleta, the embattled Office of Personnel Management director, resigned Friday as the backlash grew over her office’s handling of the extensive hacking of millions of federal employee records that included security-clearance details dating back 15 years.
Lawmakers from both political parties had called on her to resign over OPM’s handling of the breach, with some questioning her ability to steer the office through crisis. Her resignation was effective Friday.
On Thursday, Ms. Archuleta disclosed that cyber-intrusions had exposed sensitive data about more than 21 million people, a disclosure that prompted additional Democrats to join Republican lawmakers in urging a change in OPM leadership.
Beth Cobert, the U.S. chief performance officer and deputy director for management at the Office of Management and Budget, will serve as the office’s acting director until a permanent successor is named, a White House official said.
Ms. Archuleta had said as recently as Thursday she wouldn’t step down and would instead work to improve OPM’s network security. On Friday, she told President Barack Obama it was best for her to step aside and allow the office to move forward with new leadership.
White House Press Secretary Josh Earnest said Ms. Archuleta was leaving of her own volition. He added that Ms. Archuleta “recognizes, as the White House does, that the urgent challenges currently facing the Office of Personnel Management require a manager with a specialized set of skills and experiences.”
In a written statement, Ms. Archuleta said leading OPM had been the highlight of her career. She didn’t directly address the hack. “I conveyed to the president that I believe it is best for me to step aside and allow new leadership to step in, enabling the agency to move beyond the current challenges,” Ms. Archuleta said.
Ms. Cobert, who begins as OPM acting director on Saturday, has led efforts to improve how the government operates and delivers services, the White House official said. A former director and senior partner at McKinsey & Co., Ms. Cobert also has worked on improving the management of federal information-technology spending.
OPM in June disclosed that 4.2 million personnel records had been stolen in cyberattacks. Officials confirmed this week that the breach was much more extensive and involved more than 21 million Social Security numbers.
Hackers likely stole every background-investigation form completed by OPM since 2000—an unprecedented theft officials have said could be used for blackmail or counterintelligence for years.
Director of National Intelligence James Clapper has pointed to Chinese hackers as the leading suspects. A spokesman for the Chinese Embassy in Washington has said the Chinese government and the personnel in its institutions never engage in any form of cyberattacks and called for an end to “unfounded and hypothetical accusations.”
Lawmakers on Friday called for additional steps to prevent future breaches.
House Republican leaders said in a written statement on Friday that Mr. Obama is responsible for repairing any damage to national security. Rep. Ted Lieu (D., Calif.) separately said the security-clearance system should be moved out of the agency.
“The massive security-clearance breach also shows that OPM is not the proper agency to protect the crown jewels of American intelligence,” he said. “OPM was never designed to be an intelligence or national security agency.”
The stolen records include Social Security numbers, fingerprint records and millions of forms with data such as people’s mental-health histories.
The personnel forms exposed include those of senior officials at the Federal Bureau of Investigation, State Department, Department of Defense, Energy Department and even the Central Intelligence Agency.
The White House has declined to say whether the president’s personal information was swept up in the hack.
Senate Majority Leader Mitch McConnell (R., Ky.) said the Obama administration needs to lay out a plan of action to address the issues created by the hack.
“That means showing a resolve to get to the bottom of what happened,” he said. “That means giving the American people renewed confidence in a creaking bureaucracy; and that means pledging to work with policy makers to enact real reforms.”
Ms. Archuleta, who was sworn in as OPM director in November 2013 and who had previously worked in the Obama administration as chief of staff to former Labor Secretary Hilda Solis, had said that she was working to overhaul OPM’s outdated technology infrastructure, and that the process had been expedited in the wake of the breaches.
William Dougan, president of the National Federation of Federal Employees, said Ms. Archuleta’s resignation left government workers in a “dire state of uncertainty,” and he called on the administration to get control of the situation.
“The volatility of this situation has escalated exponentially, and we face a void of leadership,” he said. “All the while, millions of federal employees that have had their personal information compromised continue to go without the suite of protections they need and deserve from OPM.”
OPM has announced plans to contract with a private company and provide the millions of people whose records were exposed in the breach three years of identity-theft protection.
A Judge Has Finalized The $63M OPM Hack Settlement
Feds Now Have Two Months to Sign Up for Damages.
So far, more than 19,000 data breach victims are seeking payouts of up to $10,000.
A federal judge on Wednesday formally finalized a $63 million settlement that will soon allow thousands of current and former federal employees to receive payouts as part of the agreement stemming from a 2015 breach of data maintained by the Office of Personnel Management.
District Judge Amy Berman Jackson said all parties had fulfilled their obligations since they reached a preliminary agreement in June, including taking proper steps to notify the victims of the hack of their eligibility to potentially receive monetary damages.
Jackson added in her order the settlement is “fair, reasonable and adequate, and in the best interests of the class.”
OPM disclosed two data breaches in 2015: one that exposed the personnel files of all current and former federal employees and another that released the personally identifiable information of all applicants for security clearances, as well as their families.
Those individuals are set to receive a minimum of $700 and up to $10,000 from the agreement if they can prove they were victims of the hack and incurred out-of-pocket expenses or lost compensable time. More than 22.1 million people were impacted by the breaches.
They now have until Dec. 23 to file a claim for damages. The plaintiffs are part of a class action lawsuit that reached a $63 million settlement earlier this year with OPM and its contractor, now known as Peraton Risk Decision Inc.
As of the latest filing earlier this month, more than 19,000 employees have filed a claim.
Jackson made clear the government and Peraton were not admitting guilt and would not play any part in doling out the settlement to class members. That role will fall to Epiq, the firm overseeing the implementation of the agreement.
The court itself will retain jurisdiction over administration and interpretation of the settlement, Jackson said. The judge upheld the settlement over the objections of more than a dozen class members who submitted concerns.
Nearly all of the 22 million impacted by the breach will no longer have any standing to sue the government or Peraton due to the hacks, except for the 114 individuals who proactively asked to be excluded from the settlement.
In order to qualify for the payouts, hack victims must show they purchased their own credit monitoring or identity theft protection services, accessed a credit report or made efforts to mitigate an identity theft incident.
Epiq, which said it expects more class members to file claims over the next two months, will review and audit all claims that it receives.
Individuals must affirmatively make a claim to be eligible for monetary compensation, which they can do on OPMDataBreach.com. They are encouraged to provide documentation of their related expenses, for which they can be compensated up to $10,000.
In addition to providing notice to hack victims of the settlement and the steps for signing up, Epiq has overseen an advertising campaign to raise awareness of the agreement. The firm said it would make more than 700 million impressions through print, digital and social media ads.
It is not yet clear exactly when breach victims could start receiving their compensation, though the court ordered the payouts to begin as expeditiously as possible after the Dec. 23 deadline. Epiq will also have to review and audit the claims it receives.
The defendants have already agreed to pay the plaintiffs’ attorneys from Girard Sharp LLP $7 million in fees. Congress has mandated that OPM provide victims 10 years of credit monitoring and identity theft protections.
The agency has signed two contracts with ID Experts to provide the services, the first worth $340 million and the second worth up to $416 million.