**Part I: Key Players **

The director of OPM at the time this breach occurred was Katherine Archuleta whom was a Hussein appointee. Prior to this position she served in the capacity of National Political Director for Obama's 2012 reelection campaign. The rest of her resume includes Executive Director of the National Hispanic Cultural Center Foundation in New Mexico, co-founded the Latina Initiative, had worked at a Denver law firm, and had worked in the Clinton Administration as chief of staff to the Secretary of Transportation, Federico Peña. It would seem she lacked the expertise for this very important position, however Hussein believed it would bring a “different perspective to the table.” After a senate hearing and vote, Katherine was sworn in on November 4, 2013.

http://www.foxnews.com/politics/2013/05/23/katherine-archuleta-to-be-named-to-white-house-post.html https://archive.li/1YSle

**It is interesting Katherine would be a content expert on data driven solutions after resigning from the OPM, but here she is on a website doing exactly that. **

http://dimensionstrat.com/ https://archive.li/6Jc3C

The reason this point is raised is because one year before the security breach was detected (that had been going on for a year anyways) is she ignored the security warnings brought up by the Semi-Annual Inspector General report dated from October 2014 to March 2015. While there was numerous security issues that needed addressed, only the points that would have mitigated the security breach will be brought up. See pages 7 and 8 on these key points in the report.

1. Several information security agreements between OPM and contractor-operated information systems have expired.
2. OPM does not maintain a comprehensive inventory of servers, databases, and network devices. In addition, we are unable to independently attest that OPM has a mature vulnerability scanning program.
3. Multi-factor authentication (the use of a token such as a smart card, along with an access code) is not required to access OPM systems in accordance with Office of Management and Budget (OMB) Memorandum M-11-11. This is a significant concern because multi-factor authentication is a key defense against unauthorized access.

https://www.opm.gov/news/reports-publications/semi-annual-reports/sar52.pdf https://web.archive.org/web/20180725224803/https://www.opm.gov/news/reports-publications/semi-annual-reports/sar52.pdf

Moving on, we have Donna Seymour, CIO of OPM. According to her resume, “She is responsible for the information technology and innovative solutions that support the OPM’s mission to recruit, retain, and honor a world class workforce.' Before coming to OPM, Mrs. Seymour served as the acting Deputy Assistant Secretary of Defense for the Office of Warrior Care Policy. She is a member of the Senior Executive Service for the Department of Defense, responsible for policy and oversight related to wounded, ill, and injured transitioning Service members.” It even goes on to say that “in 2010, she was named as a Top 100 Chief Information Officer by Computerworld.”

https://docs.house.gov/meetings/GO/GO25/20141210/102800/HMTG-113-GO25-Bio-SeymourD-20141210.pdf https://web.archive.org/web/20180726042515/https://docs.house.gov/meetings/GO/GO25/20141210/102800/HMTG-113-GO25-Bio-SeymourD-20141210.pdf

This would seem impressive until one finds that Donna decided to retire just two days before she was scheduled to appear before the House Committee on Oversight and Government Reform on February 22, 2016 after 34 years of service on the security breach which seems a bit too convenient given the gravity of the circumstances. Furthermore, it would not be far-reaching to think that she is receiving a taxpayer paid government pension despite her negligence in the capacity of performing her normal work duties.

Despite the deficiencies of protecting such vital information of 22 million people, another hack occurred in February 4, 2015 in relation to health provider, Anthem, Inc. which delivers coverage to 1.3 million federal employees. In fact, this hack affected over 80 million people nationwide.

https://www.nextgov.com/cybersecurity/2015/02/exclusive-opm-monitoring-anthem-hack-breach-could-impact-13m-feds/104700/ https://web.archive.org/cybersecurity/2015/02/exclusive-opm-monitoring-anthem-hack-breach-could-impact-13m-feds/104700/

Next - Part II - The Hack Itself