US OPM boss quits after hackers stole chapter and verse on 21.5m Americans' lives

Katherine Archuleta bows out after two years in the job

The director of the US Office of Personnel Management has handed in her resignation in the wake of further revelations about the scale of the hacking attack on the agency.

"This morning, I offered, and the President accepted, my resignation as the Director of the Office of Personnel Management," she said in a statement.

"I conveyed to the President that I believe it is best for me to step aside and allow new leadership to step in, enabling the agency to move beyond the current challenges and allowing the employees at OPM to continue their important work."

Last month, the OPM admitted that the personnel records of 4.1 million federal government employees had been stolen from its servers by hackers unknown. Then on Thursday the OPM revealed that an additional 21.5 million dossiers, including fingerprints and extensive background checks for security clearances, had been filched by hackers. The intruders had spent six months in the agency's servers.

The ensuing investigation showed a pathetic level of security within the OPM. Many of its servers are so antiquated they can't run encryption and modern security software, two-factor authentication is seldom used, and the agency wasn't even sure how many computer networks it had.

Archuleta has only been in the job for two years and had been implementing a plan to bring the OPM's networks up to scratch, albeit slowly. She faced harsh criticism for refusing to shut down servers identified by the US Inspector General as unsafe, and there have been numerous legislators calling for her scalp.

But as late as yesterday evening Archuleta was saying that she had no intention of resigning and would stay on to sort out the mess. It's clear that others disagreed and she has decided to step down rather than be fired.

"I am honored to have led this organization and to have served alongside the incredible team at OPM. I have complete confidence in their ability to continue to fulfill OPM’s important mission of recruiting, retaining, and honoring a world-class workforce to serve the American People," she said. "I conveyed to the president that I believe it is best for me to step aside and allow new leadership that will enable the agency to move beyond the current challenges and allow the employees at OPM to continue their important work."

The identity of the hackers isn't known, but James Clapper, Director of National Intelligence, has said that China is the number one suspect. Former National Security Agency director Michael Hayden agrees, and said that the OPM was a legitimate target that he'd have hacked "at the speed of light" if he could get into the equivalent Chinese agency.

China has denied any involvement in the OPM hack, saying that the US should stop making "groundless accusations." ®
