Oversight Republicans urge Obama to fire OPM officials over hack

Oversight Republicans urge Obama to fire OPM officials over hack
© Getty Images

Republican members of the House Oversight and Government Reform Committee on Friday formally asked President Obama to fire two top Office of Personnel Management (OPM) officials for their role in a massive data breach that shook the government.

OPM Director Katherine Archuleta and OPM Chief Information Officer Donna Seymour have faced withering criticism from Congress since the hacks were revealed in June.

ADVERTISEMENT

It’s believed that Chinese cyberattackers made off with upwards of 18 million American’s personal data — including personnel files and security clearance background checks — as a result of the digital intrusion.

“Simply put, the recent breach was entirely foreseeable, and Director Archuleta and CIO Donna Seymour failed to take steps to prevent it from happening despite repeated warnings,” said a letter signed by 18 of the Oversight panel’s 25 Republicans.

Over two hearings, Oversight committee members bashed Archuleta and Seymour for failing to heed the warnings of the agency’s inspector general, Patrick McFarland.

In a November audit, McFarland recommended shutting down 11 of the agency’s 47 systems because they lacked proper security certificates. Archuleta ultimately decided to keep the systems running, fearing a gap in employee benefits and paychecks if they were simply turned off.

Her response has not satisfied lawmakers or McFarland, who told senators in a Thursday hearing that he didn’t have confidence in Archuleta.

“I believe that the interest and the intent is there,” he said. “But based on what we’ve found, no.”

In their letter, Republican members also dinged the two officials for not encrypting all of the personnel agency’s sensitive data, and for not installing full two-factor authentication across the agency.

Both OPM officials have described the agency’s systems as too outdated to support modern encryption methods, and insisted there has long been a plan in place to implement encryption where they can. The breached agency is also speeding up its rollout of full two-factor authentication.

“There is no excuse,” the letter read. “These are basic cybersecurity best practices that should have been addressed years ago.”

“These catastrophic failures to implement relatively routine countermeasures allowed our adversaries to land a ‘significant blow’ to America’s human intelligence programs,” it added. “This country’s hard working federal employees deserve better, and these systems are too important to leave unsecured.”