Obama backs OPM director as agency sends questionable email notifications
Fallout from the OPM breaches continues with legislators calling for OPM Director Katherine Archuleta's firing and President Obama backing her as a qualified leader.
Since the monumental data breaches at the Office of Personnel Management (OPM) were first announced, a variety of reactions have come from legislators, but now the loudest among them are the calls for agency Director Katherine Archuleta to resign.
The call to action particularly garnered support following the U.S. House Committee on Oversight and Government Reform's hearing on the breaches, which had representatives pressing Archuleta and others for details of the intrusions. More often than not, Archuleta deferred her answers to a closed-door session between her and the representative members.
Chairman Jason Chaffetz, R-Utah, called for President Obama to fire both Archuleta and OPM Chief Information Officer (CIO) Donna Seymour following the hearing, The Hill reported. Others, including Ted Lieu, D-Calif., made a similar call.
However, on Thursday, White House Press Secretary Josh Earnest told reporters that Obama has no plans to fire Archuleta.
“The president does have confidence that she is the right person for the job,” he said.
Earnest also elaborated on Archuleta's work to upgrade OPM's systems. He said the unauthorized access was detected because of OPM being in the “final stages of adding important security upgrades to their computer network.”
He also said that with Archuleta's guidance, OPM recognizes that cybersecurity needs to “be a priority and that there is significant and important work that needs to be done to make sure that they're fulfilling their responsibility to protect the data of federal workers.”
While the White House and legislators go back and forth over the director's performance, federal employees have been receiving emails from OPM notifying them of the breach. A link included in every email sends recipients to a private contractor's website to sign up for credit monitoring and other protections. To do so, recipients must enter their Social Security numbers.
The emails might not be as effective as the agency hoped, however.
The Washington Post reports that former employees are wary of opening the emails in case they might be a form of phishing. The Department of Defense (DoD) voiced its concerns over the manner in which OPM was prompting employees to register for credit monitoring, saying it goes against basic cybersecurity training to click on unfamiliar links.
These worries prompted OPM to suspend its email notifications, although the contractor, CSID, is continuing to send out its notices. The contractor's emails provide a link along with a website address employees can copy and paste directly into their browser.
To further add to the OPM breaches fallout, cybersecurity blogger Brian Krebs noted that while former employees' data was thought to be seen on digital underground markets, he believes the data stems from a separate breach at the Federal Prison Industries.