Modern field guide to security and privacy
Jonathan Ernst/Reuters
Office of Personnel Management Director Katherine Archuleta returned to Capitol Hill Tuesday to testify before a Senate hearing.

Price tag for OPM breach at least $19 million

The beleaguered head of the Office of Personnel Management returned to Capitol Hill on Tuesday for the first in a trio of hearings this week over the hack that exposed millions of personal files. 

The Office of Personnel Management data breaches that exposed sensitive information on at least 4.2 million current and former federal employees will cost the government at least $19 million, Katherine Archuleta, the agency's director, told a Congressional hearing Tuesday.

That money will pay for the massive undertaking to inform victims of the breach as well as cover credit monitoring services for each of them, Ms. Archuleta testified to a Senate Appropriations Committee panel. She said the office is still exploring whether to extend similar services to those tangentially affected in the breach, such as family members listed within the exposed files.

Tuesday's hearing marked the second congressional appearance for Archuleta since the breach and was one of a trio of hearings on the matter scheduled for this week. Indeed, many lawmakers have been quick to criticize Archuleta over the agency's network security practices and some have called for her resignation over the hack that exposed vast amounts of sensitive personal information.

“I am as upset as [those affected] are about what happened and what these perpetrators have done with our data,” said Archuleta, who also confirmed that attackers gained access to the network with credentials stolen from security contractor KeyPoint in 2014.

As for placing blame, Archuleta said that no one at OPM is being singled out. “If there’s anyone to blame, it is the perpetrators. They’re concentrated, very well funded, [and have] focused, aggressive efforts to come into our systems.”

That assessment did not seem to appease the committee, which said the incursion revealed a devastating gap when it comes to protecting government information and systems. 

"The problem is something much greater than a lack of resources," said John Boozman (R) of Arkansas, chair of the Financial Services and General Government Subcommittee. What's more, he said, as a result of this breach and other recent hacks that have penetrated federal systems, "the American people have lost faith in their institutions."

When the security breach was first detected in April, OPM was in the midst of a $93 million security upgrade that would improve access controls and create a more centralized system for data management. It was during that process that the agency discovered the breach. 

But, even at that cost, the upgrade falls short of actually transitioning the old system to the new operating platform, said Michael Esser, assistant inspector general for OPM. That would carry a "substantial" price tag. Without securing funding for the transition, Mr. Esser said, the agency will fall short of its goals. 

Tuesday's hearing followed the White House's announcement last week that federal agencies must "sprint" to improve their cybersecurity, including by updating their software and applying patches. 

During that time other federal agencies are likely to find "significant breaches," said Richard Spires, chief executive officer of the security firm Resilient Network Systems.

“What we need are [chief information officers] that have the authority to bring best practices,” Mr. Spires said, “and not to allow systems or practices to continue that jeopardize the security of our data and our systems. That has been the problem for decades.”

