Langevin Statement on Resignation of OPM Director Katherine Archuleta

Congressman Jim Langevin (D-RI), a senior member of the House Committee on Homeland Security and its Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, released the following statement in reaction to the resignation of Office of Personnel Management Director Katherine Archuleta:

“The resignation of Director Archuleta today is the unfortunate result of a failure to implement a risk-based cyber strategy, a failure to recognize the importance of the data she was entrusted with, a failure to acknowledge the security gaps that were repeatedly reported by her own Inspector General, and a failure to take responsibility when sensitive data were compromised.

“The latest reports place the number of affected people at over 22 million. While extremely distressing, and with grave consequences for those affected, this is not surprising. When malicious actors have unfettered access to a network for months at a time, one can be sure that they will find a treasure trove of information – and they did. The pieces of information stolen are a guide to the lives of Americans with security clearances and access to our nation’s most closely held secrets. While we still do not know exactly who now has access to these forms, the thought that a foreign intelligence agency might is chilling. Tens of millions of government employees and contractors – and their families – have had their most sensitive data exposed. We did not live up to the trust they placed in us, and we must do better.

“Archuleta’s resignation is a step forward for accountability at OPM, and I hope that it serves as a wake-up call for every other agency director to quickly and thoroughly reexamine their own cyber risks. OPM was not the first data breach, nor will it be the last – but while further breaches are inevitable, severe consequences from each of them are not. I believe that cyber leaders in the Administration and at the Department of Homeland Security understand the magnitude of the cybersecurity risks we face, and I will continue to work to pass legislation that gives them the authorities they need to safeguard the .gov domain and protect our nation in cyberspace.”