BreachExchange mailing list archives
U.S. Personnel Director Resigns After Massive Data Breach
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 10 Jul 2015 13:13:09 -0600
http://finance.yahoo.com/news/u-personnel-director-resigns-massive-163724001.html The U.S. government’s human resources director resigned Friday, a White House official said, a day after disclosing that hackers stole personal data for more than 22 million people in one of the worst security breaches in history. Katherine Archuleta, director of the Office of Personnel Management, stepped down after several lawmakers in both parties complained that she had failed to install appropriate safeguards for the government’s records and did not quickly detect or address the breach. President Barack Obama, who appointed Archuleta in 2013, accepted the resignation as his administration pledged to step up its cybersecurity efforts and help the 22.1 million people whose data was stolen. Archuleta’s agency disclosed the full scope of the breach for the first time on Thursday. Hackers accessed Social Security numbers, fingerprints, contact information, and user names and passwords of federal employees, contractors and their spouses dating back more than a decade. “Too much trust has been lost, and too much damage has been done,” House Speaker John Boehner said in a statement on Thursday. “President Obama must take a strong stand against incompetence in his administration and instill new leadership at OPM so we can move forward in a fashion that begins to restore the confidence of the American people.” Boehner, McCain Boehner was joined by Republican Majority Leader Kevin McCarthy of California and Majority Whip Steve Scalise of Louisiana in calling for Archuleta’s firing. In the Senate, Democrat Mark Warner of Virginia and Republican John McCain of Arizona said she should be replaced. Archuleta told reporters on Thursday that she had no plans to resign and was working to improve cybersecurity at the department and provide credit-monitoring services to those affected by the hack. “When I took office in late 2013 one of my priorities was to upgrade OPM’s antiquated legacy system,” she said. “It is because of the efforts of OPM and its staff that we’ve been able to identify the breaches.” Obama administration officials have defended Archuleta since the breach was disclosed last month, crediting her office with unearthing the intrusion during a project to upgrade security on government networks. “Over the last year, as director Archuleta noted, OPM has been aggressively improving its security,” Andy Ozment, assistant secretary of the Office of Cybersecurity and Communications at the Department of Homeland Security, told reporters on Thursday. “OPM caught an intrusion because of the tools that it had rolled out.” Chinese Government The Chinese government is a top suspect in the attack, according to Director of National Intelligence James Clapper, some lawmakers and cybersecurity companies that conduct forensics investigations. In two separate intrusions, the hackers gained access to U.S. government records for almost a year beginning last May, Ozment said. Most of the records relate to people who had applied for a background investigation, the personnel agency said. OPM said it would provide free credit monitoring for people whose data was stolen. Along with other federal agencies, it is taking several steps to upgrade and defend its network, Archuleta said. A government-wide 30-day effort to review cybersecurity efforts will wrap up later this month.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- U.S. Personnel Director Resigns After Massive Data Breach Audrey McNeil (Jul 15)