Asked why she did not shut down some systems as recommended, Archuleta said some are essential for federal workers to get paid and retirees to get benefits. The agency is working to encrypt data on systems, but it is difficult or impossible on some of the agency's 25- to 30-year-old COBOL-based systems, said Donna Seymour, OPM's CIO.
Several committee members harshly criticized Archuleta and other government officials testifying, but the hearing produced little new information about the two data breaches. Archuleta avoided some direct questions, and witnesses referred questions about details of the attacks to a classified briefing with lawmakers later in the day.
OPM has withheld information from Congress and federal workers, citing an ongoing investigation into the breaches, said Representative Stephen Lynch, a Massachusetts Democrat. After Archuleta avoided a yes-or-no question about whether social security numbers were encrypted, Lynch urged OPM to release more information.
"This is one of those hearings when I think I'm going to know less coming out of the hearing than I did when I walked in, because of the obfuscation and dancing around that we're all doing here," he said. "I wish you were as strenuous and hard-working at keeping information out of the hands of hackers as you are keeping information out of the hands of Congress and federal employees."
Sign up for CIO Asia eNewsletters.