House Oversight Chair Accuses OPM Director of Lying About Cyberattack

“It was misleading, it was a lie, and it wasn’t true,” Rep. Jason Chaffetz said.

Katherine Archuleta, director of Office of Personnel Management, testifies during a Senate Appropriations Financial Services and General Government Subcommittee hearing on Capitol Hill, June 23, 2015 in Washington, D.C.
National Journal
Dustin Volz
Add to Briefcase
Dustin Volz
June 24, 2015, 8:14 a.m.

House Over­sight Chair­man Jason Chaf­fetz on Wed­nes­day ac­cused the chief of the Of­fice of Per­son­nel Man­age­ment of ly­ing about the ex­tent of a 2014 cy­ber­at­tack waged against her agency.

In a con­ten­tious back-and-forth ex­change, Chaf­fetz said OPM Dir­ect­or Kath­er­ine Archu­leta was dis­hon­est about an in­tru­sion re­vealed in March 2014 that oc­curred on the of­fice’s net­works. Cit­ing a TV in­ter­view she gave after the at­tack was dis­closed, Chaf­fetz sug­ges­ted she had been mis­lead­ing about its im­pact when she said that in­form­a­tion had not been com­prom­ised.

“When we re­wind the tape “¦ you said, again, ‘We did not have a breach of se­cur­ity. There was no in­form­a­tion that was lost,’” Chaf­fetz said. “That was false, wasn’t it?”

Mo­ments be­fore, Donna Sey­mour, OPM’s chief in­form­a­tion of­ficer, ac­know­ledged that some in­form­a­tion was ex­posed dur­ing that hack, but that it was lim­ited to “out­dated se­cur­ity doc­u­ments” and oth­er manu­als re­lated to how the OPM op­er­ates.

But Archu­leta said the quote was be­ing mis­in­ter­preted, ar­guing that she was re­fer­ring only to per­son­ally iden­ti­fi­able in­form­a­tion and not oth­er files held by OPM.

“No you wer­en’t—that wasn’t the ques­tion,” Chaf­fetz shot back.

“It was mis­lead­ing, it was a lie, and it wasn’t true,” Chaf­fetz said. “And when this plays out, we’re go­ing to find out that this was the step that al­lowed them to come back and why we’re in this mess today.”

Wed­nes­day’s hear­ing is the second in as many weeks be­fore the House Over­sight Com­mit­tee for Archu­leta, whose agency has been un­der siege since earli­er this month, when it dis­closed two massive thefts of data, both of which are be­lieved to be China’s do­ing. Chaf­fetz and a hand­ful of law­makers—both Demo­crats and Re­pub­lic­ans—have called for Archu­leta’s resig­na­tion on grounds that she ig­nored warn­ing signs about the cy­ber vul­ner­ab­il­it­ies of OPM’s serv­ers.

Archu­leta said at the out­set of the hear­ing that she wanted to cor­rect me­dia re­ports that as many as 18 mil­lion in­di­vidu­als may have been af­fected by the re­cent hacks on fed­er­al em­ploy­ee data and se­cur­ity-clear­ance in­form­a­tion. The first breach is still be­lieved to have hit about 4 mil­lion people, Archu­leta said, adding that in­vest­ig­at­ors were still de­term­in­ing the scope of the second in­tru­sion.

The 18-mil­lion fig­ure, re­por­ted this week by CNN, “is a num­ber I am not com­fort­able with,” Archu­leta said. “It is my un­der­stand­ing that the 18 mil­lion refers to a pre­lim­in­ary, un­veri­fied and ap­prox­im­ate num­ber of unique So­cial Se­cur­ity num­bers in the back­ground in­vest­ig­a­tion data,”

Chaf­fetz, however, sug­ges­ted that OPM holds data on as many as 32 mil­lion people who could be vul­ner­able—a num­ber he took from a Feb­ru­ary budget re­quest from Archu­leta.

“I’m not go­ing to give you a num­ber I am un­sure of,” Archu­leta said.

Archu­leta did earn some de­fense from Rep. Gerry Con­nolly, a Vir­gin­ia Demo­crat who cas­tig­ated some of his col­leagues for fo­cus­ing too much on the blame game.

“To pre­tend that this is Miss Archu­leta’s fault is to miss the pic­ture and really do a dis­ser­vice to our coun­try,” Con­nolly said, adding that the U.S. is en­gaged in “a new Cold War with cer­tain ad­versar­ies, in­clud­ing China and Rus­sia.”

Earli­er Wed­nes­day, OPM re­leased a “cy­ber­se­cur­ity ac­tion re­port” that an­nounced the on­go­ing rol­lout of a series of ad­di­tion­al se­cur­ity meas­ures, in­clud­ing the hir­ing by Aug. 1 of a “lead­ing cy­ber­se­cur­ity ex­pert from out­side gov­ern­ment” who will re­port to Archu­leta. The re­port also vowed ex­pan­ded co­oper­a­tion with the De­part­ment of Home­land Se­cur­ity and said by Aug. 1 OPM would re­quire all em­ploy­ees to use a smart card to log on to its com­puters.

This story has been up­dated.

What We're Following See More »
Trump to Begin Covering His Own Legal Bills
1 days ago
Steele Says Follow the Money
1 days ago

"Christopher Steele, the former British intelligence officer who wrote the explosive dossier alleging ties between Donald Trump and Russia," says in a new book by The Guardian's Luke Harding that "Trump's land and hotel deals with Russians needed to be examined. ... Steele did not go into further detail, Harding said, but seemed to be referring to a 2008 home sale to the Russian oligarch Dmitry Rybolovlev. Richard Dearlove, who headed the UK foreign-intelligence unit MI6 between 1999 and 2004, said in April that Trump borrowed money from Russia for his business during the 2008 financial crisis."

Goldstone Ready to Meet with Mueller’s Team
1 days ago

"The British publicist who helped set up the fateful meeting between Donald Trump Jr. and a group of Russians at Trump Tower in June 2016 is ready to meet with Special Prosecutor Robert Mueller's office, according to several people familiar with the matter. Rob Goldstone has been living in Bangkok, Thailand, but has been communicating with Mueller's office through his lawyer, said a source close to Goldstone."

Kislyak Says Trump Campaign Contacts Too Numerous to List
1 days ago

"Russian Ambassador Sergey Kislyak said on Wednesday that it would take him more than 20 minutes to name all of the Trump officials he's met with or spoken to on the phone. ... Kislyak made the remarks in a sprawling interview with Russia-1, a popular state-owned Russian television channel."

Sabato Moves Alabama to “Lean Democrat”
2 days ago

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.