US personnel chief resigns in wake of massive data breach

The head of the U.S. government's Office of Personnel Management (OPM) resigned Friday in the wake of a massive data breach on her watch.

A White House official said President Barack Obama accepted the resignation of OPM Director Katherine Archuleta in the morning. She was expected to stay on the job through the end of the day.

The official said Deputy Director Beth Cobert will be acting director starting Saturday.

Archuleta's resignation came the day after her agency disclosed that hackers stole the personal information of more than 21 million people from OPM databases. Previous government estimates of how many were affected by the breach were far smaller.

Members of Congress in both parties had demanded Archuleta's resignation.

Hackers downloaded Social Security numbers, health histories and other highly sensitive information from OPM databases, affecting more than five times the 4.2 million people the government initially disclosed earlier this year.

Since then, the administration has acknowledged a second, related breach of systems housing private data that individuals submit during background investigations to obtain security clearances.

Although the government declined to identify any suspected hackers, officials said the same party was responsible for both hacks. Numerous U.S. lawmakers who have been briefed on the federal investigation have pointed the finger at China.

Word that the breach was far more severe than previously acknowledged drew indignation from members of Congress, who said the administration has not done enough to protect personal data in government systems. It also prompted calls for Archuleta and her top deputies to resign.

The government insisted there was no indication the hackers have used the stolen data.

Members of Congress, including Senate Democratic leader Harry Reid, have said China was behind the attack, and investigators previously told The Associated Press that the U.S. government was increasingly confident that China's government — not criminal hackers — was responsible for the extraordinary theft.

But Michael Daniel, Obama's cybersecurity coordinator, said Thursday that the government was not yet ready to say who was responsible. Still, he added, "Just because we're not doing public attribution does not mean that we're not taking steps to deal with the matter."

China has denied involvement in the break-in.

The administration said it has stepped up its cybersecurity efforts by proposing legislation, urging private industry to share more information about attacks and examining how the government conducts sensitive background investigations.

"Each and every one of us at OPM is committed to protecting the safety and the security of the info that is placed in our trust," Archuleta said. In early June, government employees received notice that OPM would offer credit-monitoring services and identity-theft insurance to those affected.

The White House waited about a month before telling the public that hackers had stolen the personal information of millions of people associated with the government, people directly involved with the investigation told the AP last month.

"It's a treasure trove of information about everybody who has worked for, tried to work for or works for the United States government," FBI Director James Comey said Thursday, describing the scope of the breach as "huge" and "a very big deal."

The Associated Press