WASHINGTON (AP) – The head of the U.S. government's personnel office is rejecting bipartisan calls for her resignation following revelations that hackers stole the personal information of more than 21 million people on her watch.
Katherine Archuleta, director of the federal Office of Personnel Management, said she has no plans to step down and is committed to continuing her work. The White House, which had previously said President Barack Obama was confident in Archuleta's leadership, said there was no change in its position.
The escalating calls for Archuleta to be replaced came as the Obama administration disclosed on Thursday that the number of people affected by the federal breach — believed to be the biggest in U.S. history — was far higher than previously reported.
Hackers downloaded Social Security numbers, health histories or other highly sensitive data from OPM's databases, affecting more than five times the 4.2 million people the government first disclosed this year. Since then, the administration acknowledged a second, related breach of systems housing private data that individuals submit during background investigations to obtain security clearances.
Although the government declined to name the hackers, officials said the same party was responsible for both hacks. Numerous U.S. lawmakers who have been briefed on the federal investigation have pointed the finger at China.
Word that the breach was far more severe than previously acknowledged drew indignation from members of Congress who have said the administration has not done enough to protect personal data in their systems, as well as calls for Archuleta and her top deputies to resign. House Republican leaders — Speaker John Boehner, Majority Leader Kevin McCarthy and Whip Steve Scalise — called for Archuleta's resignation, and Boehner said the president must "take a strong stand against incompetence."
Even some members of Obama's own party, usually reluctant to criticize the administration, joined the call for Archuleta to go. Democratic Sen. Mark Warner of Virginia decried Archuleta for a "slow and uneven response" that he said had undermined confidence in her abilities.
"It is time for her to step down, and I strongly urge the administration to choose new management with proven abilities to address a crisis of this magnitude with an appropriate sense of urgency and accountability," Warner said.
Among the data the hackers stole: criminal, financial, health, employment and residency histories, as well as information about their families and acquaintances. The second, larger attack affected more than 19 million people who applied for clearances, as well as nearly 2 million of their spouses, housemates and others.
"Such incompetence is inexcusable," said House Oversight and Government Reform Committee Chairman Jason Chaffetz, a Utah Republican, in repeating his calls for Archuleta's resignation. Chaffetz said Archuleta and her aides had "consciously ignored the warnings and failed to correct these weaknesses."
Yet Archuleta insisted Thursday she would not step down, telling reporters during a conference call, "I am committed to the work that I am doing."
"I truly understand the impact this has on our current and former employees, our military personnel and our contractors," she added.
Archuleta said the hackers also obtained user names and passwords that prospective employees used to fill out their background investigation forms, as well as the contents of interviews conducted as part of those investigations. But the government insisted there were no indications that the hackers have used the data they stole.
Members of Congress including Senate Democratic leader Harry Reid have said China was behind the attack, and investigators previously told the Associated Press that the U.S. government was increasingly confident that China's government — not criminal hackers — was responsible for the extraordinary theft.
But Michael Daniel, Obama's cybersecurity coordinator, said Thursday that the government wasn't yet ready to say who was responsible. Still, he added cryptically, "Just because we're not doing public attribution does not mean that we're not taking steps to deal with the matter."
China has publicly denied involvement in the break-in.
The administration said it has stepped up its cybersecurity efforts by proposing new legislation, urging private industry to share more information about attacks and examining how the government conducts sensitive background investigations.
"Each and every one of us at OPM is committed to protecting the safety and the security of the info that is placed in our trust," Archuleta said. In early June, government employees received notice that OPM would offer credit-monitoring services and identity-theft insurance to those affected.
Meanwhile, the White House waited about a month before telling the public that hackers had stolen the personal information of millions of people associated with the government, people directly involved with the investigation told the AP last month.
"It's a treasure trove of information about everybody who has worked for, tried to work for, or works for the United States government," FBI Director James Comey said Thursday, describing the scope of the breach as "huge" and "a very big deal."