Finger-pointing burst into the open on Capitol Hill Wednesday over blame for hacking into the U.S. government's personnel records, which the chairman of a House oversight committee said might affect as many as 32 million current and former employees and others.
The head of the U.S. Office of Personnel Management, Katherine Archuleta, acknowledged to lawmakers that she was responsible for keeping the files safe but blamed the hackers, and an executive disputed an official account that hackers had used one of his employee's credentials in one of the break-ins. It was the third congressional hearing on the subject in recent days.
For Archuleta, it was the latest appearance before angry lawmakers demanding answers about the personal information, including information used for background investigations for those seeking a security clearance. Some lawmakers have urged the White House to fire her.
U.S. & World
House Oversight and Government Reform Committee Chairman Jason Chaffetz, a Utah Republican, said Wednesday he had no confidence in Archuleta.
"I think you are part of the problem," Chaffetz said. "That hurricane has come and blown this building down, and I don't want to hear about putting boards up on windows (now). It's time for you to go."
Archuleta said it was the responsibility of her and her chief information officer to protect OPM records, but she again sought to steer blame to the hackers, whom she described as a "very dedicated, focused actor." Asked directly about reports that U.S. officials blamed China's government, she responded: "That's classified."
Across town, senior China diplomats were meeting with U.S. officials in the final day of meetings about strategic and economic issues.
On Capitol Hill, the chief operating officer for a federal contractor, KeyPoint Government Solutions Inc., told lawmakers that it wasn't his company's fault.
"There is absolutely no evidence that KeyPoint was responsible for that breach," executive Eric Hess said.
Hess countered assertions by Archuleta on Tuesday and Wednesday. She told lawmakers that hackers used a stolen KeyPoint credential to break into the network. Credentials are equivalent to electronic keys.
"There was a credential that was used, and that's the way they got in," Archuleta said, answering a question from Rep. Bonnie Watson Coleman, D-N.J.
Hess later told lawmakers that Archuleta was referring to a KeyPoint employee who had an OPM account.
Rep. Matt Cartwright, D-Pennsylvania, was critical of Hess's parsing of responsibility, saying he was making "some fine distinctions" in explaining the role of a KeyPoint employee in the data breach.
Archuleta told a Senate appropriations subcommittee on Tuesday that while a KeyPoint credential was used, "we don't have any evidence that would suggest that KeyPoint as a company was responsible or directly involved in the intrusion."
She said, in fact, that no one person was responsible, and blamed the hackers for the intrusion.
Archuleta has declined to say how many current or former government employees, contractors or job applicants may have been affected, repeating only the original figure of 4.2 million people disclosed last month.
Chaffetz asked Wednesday whether the figure could actually be as high as 32 million people.
White House spokesman Josh Earnest said Wednesday it is a challenge to determine the scope of breaches and who is responsible but promised "a serious commitment to trying to be as forthright as possible about what it is we know."
As Archuleta again defended herself and her agency, lawmakers pushed back.
"I disagree that nobody is to be held personally responsible," Chaffetz said. "As the head of the agency, Ms. Archuleta is in fact statutorily responsible."
Even the most sympathetic lawmaker during Wednesday's six-hour hearing suggested Archuleta wasn't helping herself with her responses.
California Democrat Rep. Mark DeSaulnier said Archuleta came across as "petulant, defensive and evasive."
The focus on Capitol Hill over the federal government's hacking continued during Wednesday's conclusion of important U.S.-China diplomatic meetings in Washington, known as the strategic and economic dialogue. It was not immediately clear whether the hacking came up during the meetings, although Secretary of State John Kerry on Tuesday said he anticipated "a very frank discussion of cyber security and other ongoing concerns."
Earnest has declined to discuss details of those meetings and said the government has not made any "public declaration" of who was behind the hack.
"The kinds of conversations that take place behind closed doors in the context of a summit as significant as the security, strategic and economic dialogue, are different than the kinds of public discussions that take place," Earnest said Tuesday. "After all, that's the reason that we would invite senior Chinese official to the United States, is so that we wouldn't have conversations through the media, but actually have an opportunity in a private setting to have a direct face-to-face discussion."