The Office of Personnel Management revealed Thursday that two data breaches last year revealed sensitive information on a total of 22.1 million Americans.
It had previously been reported that 4.2 million people were impacted by a data breach of personnel records that included Social Security numbers and other identifying information, job assignments and performance evaluations.
On Thursday, the OPM acknowledged that 21.5 million security clearance files had been accessed. Those files contained “identification details such as Social Security Numbers; residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details. Some records also include findings from interviews conducted by background investigators and fingerprints. User names and passwords that background investigation applicants used to fill out their background investigation forms were also stolen.”
The reason the total number of people impacted is not 25.7 million is because of overlap—most people impacted by the first announced breach were also hit in the second one.
Thursday’s revelation was the proverbial ‘final straw.’ OPM Director Katherine Archuleta announced her resignation Friday morning. In an email to her staff she wrote:
“I conveyed to the President that I believe it is best for me to step aside and allow new leadership to step in, enabling the agency to move beyond the current challenges and allowing the employees at OPM to continue their important work.”
Archuleta was a political appointee. Prior to her appointment by President Barack Obama, she served as national political director for the president’s reelection campaign.
On Friday, White House press secretary Josh Earnest told reporters, “The president thinks it’s quite clear that new leadership with a set of skills and experiences that are unique to the urgent challenges that OPM faces are badly needed.”
Among the stolen information were 1.1 million sets of fingerprints, which may compromise some advanced biometric security systems.
According to the Washington Post, legislation has been introduced in Congress that would provide people caught up in the breach with free lifetime identity protection and $5 million in identity theft insurance.
Currently, those impacted have been offered three years of protection.