The final tally is in and this number really should come as no surprise to anyone who has been following the OPM hack since it was announced a few short weeks ago. Katherine Archuleta, the OPM Director, has resigned after the agency has admitted the hackers got away with data on 21.5 million Americans:
The director of the US Office of Personnel Management has handed in her resignation in the wake of further revelations about the scale of the hacking attack on the agency.
“This morning, I offered, and the President accepted, my resignation as the Director of the Office of Personnel Management,” she said in a statement.
“I conveyed to the President that I believe it is best for me to step aside and allow new leadership to step in, enabling the agency to move beyond the current challenges and allowing the employees at OPM to continue their important work.”
Last month, the OPM admitted that the personnel records of 4.1 million federal government employees had been stolen from its servers by hackers unknown. Then on Thursday the OPM revealed that an additional 21.5 million dossiers, including fingerprints and extensive background checks for security clearances, had been filched by hackers. The intruders had spent six months in the agency’s servers.
The ensuing investigation showed a pathetic level of security within the OPM. Many of its servers are so antiquated they can’t run encryption and modern security software, two-factor authentication is seldom used, and the agency wasn’t even sure how many computer networks it had.
It is good news the Director resigned but the CIO should be fired. She is far more culpable than the Director since the IT systems, which includes cyber security, are within her purview. The fact that the CIO is failing to take any responsibility for ignoring everything everyone had told her about OPM’s terrifying cyber security posture demonstrates highly ineffective leadership.