BreachExchange mailing list archives

U.S. Personnel Director Resigns After Massive Data Breach


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 10 Jul 2015 13:13:09 -0600

http://finance.yahoo.com/news/u-personnel-director-resigns-massive-163724001.html

The U.S. government’s human resources director resigned Friday, a White
House official said, a day after disclosing that hackers stole personal
data for more than 22 million people in one of the worst security breaches
in history.

Katherine Archuleta, director of the Office of Personnel Management,
stepped down after several lawmakers in both parties complained that she
had failed to install appropriate safeguards for the government’s records
and did not quickly detect or address the breach.

President Barack Obama, who appointed Archuleta in 2013, accepted the
resignation as his administration pledged to step up its cybersecurity
efforts and help the 22.1 million people whose data was stolen.

Archuleta’s agency disclosed the full scope of the breach for the first
time on Thursday. Hackers accessed Social Security numbers, fingerprints,
contact information, and user names and passwords of federal employees,
contractors and their spouses dating back more than a decade.

“Too much trust has been lost, and too much damage has been done,” House
Speaker John Boehner said in a statement on Thursday. “President Obama must
take a strong stand against incompetence in his administration and instill
new leadership at OPM so we can move forward in a fashion that begins to
restore the confidence of the American people.”

Boehner, McCain

Boehner was joined by Republican Majority Leader Kevin McCarthy of
California and Majority Whip Steve Scalise of Louisiana in calling for
Archuleta’s firing. In the Senate, Democrat Mark Warner of Virginia and
Republican John McCain of Arizona said she should be replaced.

Archuleta told reporters on Thursday that she had no plans to resign and
was working to improve cybersecurity at the department and provide
credit-monitoring services to those affected by the hack.

“When I took office in late 2013 one of my priorities was to upgrade OPM’s
antiquated legacy system,” she said. “It is because of the efforts of OPM
and its staff that we’ve been able to identify the breaches.”

Obama administration officials have defended Archuleta since the breach was
disclosed last month, crediting her office with unearthing the intrusion
during a project to upgrade security on government networks.

“Over the last year, as director Archuleta noted, OPM has been aggressively
improving its security,” Andy Ozment, assistant secretary of the Office of
Cybersecurity and Communications at the Department of Homeland Security,
told reporters on Thursday. “OPM caught an intrusion because of the tools
that it had rolled out.”

Chinese Government

The Chinese government is a top suspect in the attack, according to
Director of National Intelligence James Clapper, some lawmakers and
cybersecurity companies that conduct forensics investigations.

In two separate intrusions, the hackers gained access to U.S. government
records for almost a year beginning last May, Ozment said. Most of the
records relate to people who had applied for a background investigation,
the personnel agency said.

OPM said it would provide free credit monitoring for people whose data was
stolen. Along with other federal agencies, it is taking several steps to
upgrade and defend its network, Archuleta said.

A government-wide 30-day effort to review cybersecurity efforts will wrap
up later this month.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/