Office of Personnel Management Director Katherine Archuleta resigned Friday, a day after revealing that the recent data breach of government computers was vastly larger than originally thought.
Archuleta confirmed her departure in an email to OPM staff.
“I write to you this afternoon to share that earlier today, I offered and the President accepted my resignation as the Director of the U.S. Office of Personnel Management,” she wrote. “Leading this agency and serving with all of you has been the highlight of my career.”
Starting Saturday, Beth Cobert, currently the U.S. chief performance officer and a deputy director at the Office of Management and Budget, will take over as acting director of OPM.
Archuleta acknowledged Thursday that her agency had discovered in April that hackers had breached sensitive personnel databases and had stolen the personal data of 22.1 million current, former and prospective U.S. government employees and their family members.
Support for Archuleta crumbled after her testimony. But she had never received a thorough vetting of her qualifications for the job.
When she won Senate confirmation to lead the Office of Personnel Management, the chief objections from lawmakers who voted against her focused on Obamacare.
That was October 2013, and the 62-35 vote reflected the political concerns at the time about how the agency, which serves as the federal government’s HR department, would implement parts of the health care law opposed by Republicans.
In nominating Archuleta, the President said: “Katherine brings to the Office of Personnel Management broad experience and a deep commitment to recruiting and retaining a world-class workforce for the American people.” The White House announcement listed a series of chief-of-staff and policy jobs in Denver and Washington before her job on the president’s campaign.
Less attention focused on the agency’s role in handling government security clearances and how it safeguards some of the most sensitive U.S. government databases.
Even less was paid to why Archuleta — whose most recent job was as a national political director for Obama for America, the President’s reelection campaign — was the person to help fix what was an agency already struggling to deal with technology problems and serious data breaches.
Aides to Republican lawmakers who voted for her confirmation now acknowledge they didn’t pay enough attention to the importance of technology in the agency Archuleta was taking over.
U.S. investigators believe Chinese government hackers are behind the breach, the worst ever against the U.S. government. Some of the most sensitive security background check data, including information on mental and drug histories of federal job applicants, is now in the hands of Chinese intelligence, according to U.S. authorities.
House Speaker John Boehner on Thursday became the highest-ranking lawmaker to call for Archuleta resignation. He was joined by Democratic Sen. Mark Warner of Virginia. In recent weeks more than 20 other lawmakers had demanded she be fired.
Critics now call her a political hack who shouldn’t have the job, even though she got the job with bipartisan support and her political past played little role in her Senate confirmation.
Administration officials privately acknowledged Archuleta has performed poorly in hearings and briefings, and that she has made missteps to hurt her own cause. At a recent hearing she was asked if she had met with FBI Director James Comey to discuss the investigation, given the seriousness of the breach. No, was her answer.
Her briefings for lawmakers have come across as misleading, in part because she stuck by a public estimate that only 4 million people were affected by the breach, even as Comey had told lawmakers the number was nearly five times larger and cited OPM’s own internal data.
The White House was saying even Friday morning that President Barack Obama continued to have confidence in her.
Even before Archuleta took the job, there were signs of trouble at OPM that demanded attention. Internal audits found the agency was woefully behind in meeting security standards for sensitive databases.
By the time Archuleta took office, hackers had begun a series of breaches that investigators believe eventually led to the mother lode: the intrusion that began in 2014 and the eventual theft of personal records from two databases.
Archuleta likely wouldn’t have known about the earlier breaches before taking office. But she knew enough about the agency’s struggles to make this promise in response to written questions provided by senators voting on her nomination: “If confirmed as director of OPM, improved management of OPM’s IT, including proper security and data management, will be one of my top priorities.”
She also promised to create a plan within her first 100 days to modernize the agency’s technology and to appoint a chief technology officer focused on the issue.
She did make the CTO appointment and, the agency says that Archuleta is responsible for major improvements in OPM’s security. They credit some of those improvements for detecting the latest breach, though it came perhaps up to a year after hackers broke in.
OPM has identified five major breaches of its computer networks since mid-2012, according to data the agency has provided lawmakers. The first occurred in May, 2012 and involved a critical software system. Investigators later determined that a roadmap for several of OPM’s proprietary software systems was available for some time on an insecure publicly-available website.
Hackers struck the same system again in March 2013. A year later hackers breached a background investigations database. But they had trouble stealing data because OPM’s computer systems were outdated. That breach was discovered in July 2014.
By then, the intrusions into separate databases, now at the center of the OPM crisis, had already begun, investigators believe. And this time, hackers succeeded in stealing a trove of data. Late last year, a new breach occurred in an Interior Department database that housed data on behalf of OPM.