U.S.

Katherine Archuleta, Director of Personnel Agency, Resigns

By JULIE HIRSCHFELD DAVISJULY 10, 2015

Katherine Archuleta, the director of the Office of Personnel Management, at a Senate hearing last month. Ms. Archuleta resigned the post on Friday. CreditChip Somodevilla/Getty Images North America

WASHINGTON — Katherine Archuleta, the director of the Office of Personnel Management, resigned under pressure on Friday, one day after the government revealed that two sweeping cyberintrusions at the agency had resulted in the theft of the personal information of more than 22 million people, including those who had applied for sensitive security clearances.

Ms. Archuleta went to the White House on Friday morning to inform President Obama that she was stepping down immediately. She said later in a statement that she felt new leadership was needed at the federal personnel agency to enable it to “move beyond the current challenges.”

Her resignation marked a swift reversal but did little to calm the aftershocks of the disclosure this week of what appears to be the largest cybertheft affecting the federal government. On Thursday, Ms. Archuleta insisted in a conference call with reporters that she would stay on to address the vulnerabilities that led to the breach.

Both attacks are believed to have originated in China, but administration officials have declined to name a culprit.

Mr. Obama and his administration struggled on Friday to cope with the fallout from the intrusion, which compromised the Social Securitynumbers, addresses, financial and health histories and other private details of millions of people, and to come to terms with the longer-term implications of a computer security lapse that has underscored severe weaknesses across the federal government.

Representative Adam Schiff of California, the top Democrat on the House Intelligence Committee, said while he welcomed the news of Ms. Archuleta’s resignation, “I don’t think we can expect that a change of a single person can be a satisfactory answer to the problems at O.P.M.”

“Every other agency should have its head examined if it’s not taking steps to protect its data,” Mr. Schiff said. “Because if there’s a problem at one agency, there’s likely a problem at other agencies.”

“Not enough,” Senator Ben Sasse, Republican of Nebraska, said in a statement on Friday. In a post on the technology website Wired, Mr. Sasse said the breach may have handed China “the largest spy-recruiting database in history.”

“Unless we admit our mistakes, and build a robust response and deterrence strategy, it will absolutely happen again,” Mr. Sasse wrote.

The revelations have set off a crisis response by the administration to technology weaknesses that officials acknowledge plague the entire federal bureaucracy.

At the White House, Josh Earnest, Mr. Obama’s spokesman, said the administration was rushing to conduct a “rapid reassessment of the state of cybersecurity measures, and accelerate the implementation of reforms that need to be adopted.”

Those include the wider adoption of two-factor authentication, which requires anyone with the password to a system to use a second, one-time password to log in from an unrecognized computer, he said.

The administration is also working, Mr. Earnest said, to impose stricter curbs on “privileged users,” who have enhanced access to a computer system, and better monitoring their conduct on government networks.

He said the administration had not yet arrived at an estimate of the potential cost of addressing the data theft and protecting its victims. O.P.M. has offered three years of free credit reporting, monitoring and protection to the millions affected, but some members of Congress and organizations representing federal employees are demanding a lifetime of such services.

Representative Jason Chaffetz, Republican of Utah and the chairman of the House Oversight Committee, said in a statement that “this should have been addressed much, much sooner, but I appreciate the president doing what’s best now.”

Mr. Earnest said Ms. Archuleta had resigned “of her own volition,” adding that while she had been an “effective director, Mr. Obama believed that new leadership at the agency was “badly needed.” He also noted that she does not have “this particular expertise” in cybersecurity.

Beth Cobert, the deputy director of management at the Office of Management and Budget and a former longtime management consultant at McKinsey & Company, will step in temporarily to replace Ms. Archuleta while a permanent successor is found, Mr. Earnest said.

Ms. Archuleta, who assumed her post in November 2013, had been under pressure from lawmakers in both parties to resign since last month, when she announced the first of two separate but related computer intrusions that compromised the personnel files of 4.2 million current and former federal workers.

On Thursday, she divulged the breach also had led to the theft of the personal data of 21.5 million people who had applied for government background checks, likely affecting anyone subjected to such an investigation since 2000. About 3.6 million people’s information was stored in both hacked databases.

On a conference call detailing the scope of the intrusion late Thursday afternoon, Ms. Archuleta insisted she would not step down in the face of calls for her ouster.

But just hours later, she was at the White House to inform Mr. Obama she would depart. In her statement on Friday, Ms. Archuleta, the first Latina to head the O.P.M., said she was proud of her efforts to promote diversity and her information technology strategic plan, and that serving there had been “the highlight of my career.”

Ms. Archuleta served in the Clinton administration, and later under Mr. Obama as the chief of staff of the Labor Department. When she started at the personnel agency in 2013, she unveiled a plan of action that included improvements to its antiquated computer systems and bolstering protections against cyberintrusions. But she was also tasked with speeding a sluggish background check process that could stretch on for months or more.

On Thursday, she said she had launched a 90-day interagency review of the background check process that she would co-chair. Now that audit will fall to Ms. Cobert.

Correction: July 10, 2015

An earlier version of this article misstated the number of people affected by cyberattacks on the Office of Personnel Management. It is 22 million, not 25 million, according to the Obama administration.