The government’s personnel office chief is rejecting bipartisan calls for her to step down following revelations that hackers stole the personal information of more than 21 million people on her watch.
Katherine Archuleta, director of the federal Office of Personnel Management, said she has no plans to step down and is committed to continuing her work for the agency. The White House, which had previously stated that President Barack Obama was confident in her leadership, said there were no plans to change its position despite the calls for her resignation.
The increased calls for Archuleta to be replaced came as the Obama administration disclosed Thursday that the number of people affected by the massive data breach was far higher than previously reported.
Hackers downloaded Social Security numbers, health histories or other highly sensitive data from OPM’s databases, affecting more than five times the 4.2 million people the government first disclosed this year. Since then, the administration acknowledged a second, related breach of systems housing private data individuals submit during background checks to obtain security clearances.
Officials said the same party was responsible for both hacks, but failed to identify what person or group perpetrated the hack. Numerous lawmakers have pointed the finger at China.
Word that the breach was far more severe than previously disclosed drew indignation from members of Congress who have said the administration has not done enough to protect personal data in their systems, as well as calls for Archuleta and her top deputies to resign.
House Republican leaders – Speaker John Boehner, Majority Leader Kevin McCarthy and Whip Steve Scalise – called for Archuleta’s resignation, and Boehner said the president must “take a strong stand against incompetence.”
Even Democrats joined the call for Archuleta to go. Democratic Sen. Mark Warner of Virginia decried Archuleta for a “slow and uneven response” that he said had undermined confidence in her abilities.
"It is time for her to step down, and I strongly urge the administration to choose new management with proven abilities to address a crisis of this magnitude with an appropriate sense of urgency and accountability," Warner said.
Among the data the hackers stole: criminal, financial, health, employment and residency histories, as well as information about their families and acquaintances. The second, larger attack affected more than 19 million people who applied for clearances, as well as nearly 2 million of their spouses, housemates and others.
"Such incompetence is inexcusable," said House Oversight and Government Reform Committee Chairman Jason Chaffetz, a Utah Republican, in repeating his calls for Archuleta's resignation. Chaffetz said Archuleta and her aides had "consciously ignored the warnings and failed to correct these weaknesses."
Yet Archuleta insisted Thursday she would not step down, telling reporters during a conference call, "I am committed to the work that I am doing."
"I truly understand the impact this has on our current and former employees, our military personnel and our contractors," she added.
Archuleta said the hackers obtained user names and passwords and that prospective employees used to fill out their background investigation forms, as well as the contents of interviews conducted as part of those investigations. But the government insisted there were no indications the hackers have used any of the data they obtained.
Members of Congress, including Senate Democratic leader Harry Reid, said China was the main player behind the attack. Investigators have previously told The Associated Press that the U.S. was increasingly confident that China’s government – not criminal hackers – was responsible for the data breach.
Michael Daniel, Obama’s cybersecurity coordinator said Thursday that the government wasn’t ready to point an official finger at the hackers.
Still, he added cryptically, "Just because we're not doing public attribution does not mean that we're not taking steps to deal with the matter."
China has publicly denied involvement in the break-in.
The administration said it has stepped up its cybersecurity efforts by proposing new legislation, urging private industry to share more information about attacks and examining how the government conducts sensitive background investigations.
"Each and every one of us at OPM is committed to protecting the safety and the security of the info that is placed in our trust," Archuleta said. In early June, government employees received notice that OPM would offer credit-monitoring services and identity-theft insurance to those affected.
Meanwhile, the White House waited about a month before telling the public that hackers had stolen the personal information of millions of people associated with the government, people directly involved with the investigation told the AP last month.
"It's a treasure trove of information about everybody who has worked for, tried to work for, or works for the United States government," FBI Director James Comey said Thursday, describing the scope of the breach as "huge" and "a very big deal."
The Associated Press contributed to this report.