OPM chief rebuffs lawmakers on scope of cyber breach

By Doina Chiacu
U.S. Office of Personnel Management (OPM) Director Katherine Archuleta testifies before a hearing of the Senate Appropriations Committee concerning a recently revealed data breach affecting millions of federal employees' personal data, on Capitol Hill in Washington June 23, 2015. REUTERS/Jonathan Ernst

By Doina Chiacu WASHINGTON (Reuters) - The director of the Office of Personnel Management refused on Wednesday to estimate how many millions of Americans were affected by recent attacks on her agency's computers and rejected as premature reports 18 million were compromised. Under blistering attack from lawmakers exasperated by unanswered questions about the massive cybersecurity breach, OPM Director Katherine Archuleta conceded the number of people whose data was hacked could increase from initial reports. OPM said this month it was victim of a cyber attack involving personnel data on 4.2 million current and former federal employees. Another attack targeted information of millions more Americans who applied for security clearances. Some media reports said 18 million were affected in that attack. "It is my understanding that the 18 million refers to a preliminary, unverified and approximate number of unique Social Security numbers in the background investigations data," Archuleta said at a House of Representatives hearing. "It is a number that I am not comfortable with at this time." In her second appearance in as many weeks before the Oversight and Government Reform Committee, Archuleta defended her agency's response to the intrusions. The hearing, which lasted four hours, was the second of at least three this week on the OPM breaches. Senate Majority Leader Mitch McConnell criticized her Tuesday testimony as "world-class buck-passing" and said there was a "management problem" at the agency. Lawmakers have criticized the OPM response to questions about the hacking sluggish and incomplete. Some called on the director, who has been in her job less than two years, to resign or at least take the blame for the sweeping breaches, which U.S. authorities suspect are the work of Chinese hackers. U.S. Representative Jason Chaffetz, the Republican committee chairman, exasperated by Archuleta's refusal to provide numbers, asked whether all 32 million current and former federal workers in its database could have been compromised. But Archuleta steadfastly refused to give an estimate. "As much as I want to have all the answers today, I do not want to be in a position of providing you and the affected individuals with potentially inaccurate data," she said. Archuleta said the second breach is still being investigated and that the number of people affected by that data intrusion "may well increase from these initial reports." Lawmakers also criticized agency contractors, whose practices have been cited as a factor in the successful hacks. Representative Elijah Cummings, the senior Democrat on the panel, singled out contractor KeyPoint Government Solutions for being the weak link that allowed hackers into the OPM system. Lawmakers said they were frustrated with a lack of information from that company's chief executive, Eric Hess. "I find myself utterly dissatisfied with the explanations we've heard today," said panel Democrat Matt Cartwright. (Reporting by Doina Chiacu; Editing by David Gregorio, Bernard Orr)