
OPM Director Steps Down in Wake of Hack Hitting 22.1 Million

Office of Personnel Management Director Katherine Archuleta will step down from her post effective Friday according to a White House official — one day after OPM revised the total number of people affected in two hacks divulged last month from 4.2 to 22.1 million.

The number vastly exceeds OPM’s initial estimate of 4.2 million current and former federal government employees, contractors and potential employees, though the vast majority of those whose information was compromised — 21.5 million — came from security clearance background checks. Such sensitive records often include information about applicants’ mental health, sexual relationships and histories with alcohol and substance abuse.

Of the 4.2 million affected by the initial hack and 21.5 million in the second, 3.6 million were caught up in both, bringing the total number of those affected to 22.1 million — the largest hack ever executed against the federal government.

Archuleta reportedly offered her resignation to President Obama personally this morning, saying new leadership was needed to “move beyond the current challenges” facing OPM. Office of Management and Budget Deputy Director Beth Cobert will temporarily replace Archuleta until the president selects and the Senate approves a permanent replacement.

Lawmakers across both sides and aisles of Congress renewed calls for Archuleta’s resignation Thursday in response to the revised figure.

“President Obama must take a strong stand against incompetence in his administration and instill new leadership at OPM so we can move forward in a fashion that begins to restore the confidence of the American people,” House Speaker John Boehner said Thursday.

“Public trust in how our government is run is already low, and any resolution to this massive data breach and theft can only happen with new leadership at the OPM immediately,” House Majority Leader Kevin McCarthy said. “Only with new leadership can we get a full accounting of what happened and, most importantly, how to prevent this from ever happening again.”

“She’s not qualified to run one of the biggest HR operations in the world. And when it comes to technology, she’s in way, way over her head,” House Oversight Chairman Jason Chaffetz said, adding that Archuleta and her staff’s “negligence has now put the personal and sensitive information of 21.5 million Americans into the hands of our adversaries.”

“Such incompetence is inexcusable.”


“People need to go, starting with the OPM director,” 2016 presidential contender and Florida Republican Sen. Marco Rubio said.

Congressional Republicans weren’t the only ones calling for Archuleta’s ouster. While Democrats in the House called on Archuleta to step down or be fired after the first hearing discussing the hack last month, Virginia Democratic Sen. Mark Warner, whose state is home to a large number of federal employees, became the first Democrat in the upper chamber to call on President Obama to replace the OPM director.

“The technological and security failures at the Office of Personnel Management predate this director’s term, but director Archuleta’s slow and uneven response has not inspired confidence that she is the right person to manage OPM through this crisis,” Warner said in a statement.

“It is time for her to step down, and I strongly urge the administration to choose new management with proven abilities to address a crisis of this magnitude with an appropriate sense of urgency and accountability.”

Archuleta, who has been fighting to keep her job since last month, said she was dedicated to seeing the crisis through during a conference call Thursday, and added she has asked the Office of the Director of National Intelligence and Office of Management and Budget to execute a 90-day review of OPM’s security, which agency inspector general reports have repeatedly cited as weak and vulnerable since 2007.

At the time the OPM director said she had no plans to fire OPM Chief Information Officer Donna Seymour, whose office housed systems breached in the hack.

“I am committed to the work that I am doing at OPM,” Archuleta said. “We are working very hard not only at OPM but across the government to ensure the cybersecurity of all our systems.”


The White House initially defended Archuleta, whom President Obama described as the “right person for the job” according to a June statement from White House Press Secretary Josh Earnest.

Director of National Intelligence James Clapper maintains China is the “leading suspect” in the breach, though the administration has yet to publicly assign blame for the hack.

The Office of Personnel Management announced Thursday it will offer three years of free credit monitoring and protection for victims of stolen data, which includes Social Security numbers, dates of birth and even fingerprints for more than 1 million Americans caught up in the second breach.

Senators Ben Cardin and Barbara Mikulski of Maryland and Tim Kaine and Warner of Virginia — states boasting large numbers of federal employees — said that doesn’t go far enough, and introduced legislation known as the RECOVER Act Thursday mandating lifetime identity-theft coverage for federal employees and contractors, along with a minimum of $5 million in identity theft insurance.


OPM Director on Data Breach: Blame the ‘Perpetrators’

White House Office of Personnel Management Director Katherine Archuleta went back before Congress Tuesday to defend her agency’s handling of the massive hack of millions of federal employee records discovered earlier this month and make the case she should keep her job to see the crisis through.

Archuleta and assistant inspector general for OPM Michael Esser appeared before the Senate Financial Services and General Government Appropriations Subcommittee Tuesday to brief the upper chamber for the first time on the breach, now believed to have compromised the personal data and security clearance background information of 18 million federal workers.

Tuesday’s hearing touched on both the breach itself and OPM’s ongoing Information Technology Modernization Project, aimed at updating and securing the unencrypted legacy systems housing the stolen data of millions of federal employees dating back to 1985 — a project Esser’s office has described in years of IG reports as over budget, behind schedule and ineffective.

“What I hope to hear from our witnesses today is not the same stale line that more money is needed, but an explanation to why the federal government failed to do the basic job of protecting personal data of millions of employees with the vast resources it already has at hand,” Arkansas Republican Chairman John Boozman said in his opening statement.

Part of the agency’s effort to update those systems includes a $21 million budget increase for fiscal year 2016 to continue upgrading OPM’s systems to meet Federal Information Security Management Act (FISMA) guidelines, which set the cybersecurity standards for all federal agencies.

“You will find significant problems with [other federal agencies] not following IT security best practices including FISMA,” former Homeland Security Department Chief Richard Spires told lawmakers. “Given the situation we find ourselves in across most federal agencies, I would expect you to find significant breaches.”

According to Archuleta, Esser and Spires, even if the agency had complied with those standards and encrypted the compromised data, it would not have stopped the hackers from accessing and reading it.

“My [chief information officer] has advised me that even if there had been 100 percent FISMA compliance, there is no guarantee that systems won’t get breached,” Archuleta said. “If there’s anyone to blame, it is the perpetrators — they’re concentrated, very well funded, focused, aggressive efforts to come into our systems.”

“I don’t believe anyone is personally responsible. I believe that we’re working as hard as we can to protect the data of our employees, because that’s the most important thing that we can do, and I take it very seriously. I’m as angry as you are that this has happened to OPM, and I’m doing everything that I can as quickly as I can to protect the systems.”

Archuleta told lawmakers she inherited the vulnerable legacy systems and lax cybersecurity practices responsible for the breach when she took over OPM in 2013. But according to Esser, not all of the compromised systems at OPM were legacy systems, and some could have been protected with modern security upgrades that were never implemented.

“There are many legacy systems at OPM,” Esser said. “But based on the work that we’ve done in our audits and ongoing work that we’re doing, it’s our understanding that a few of the systems that were breached are not legacy systems — they’re modern systems that current tools could be implemented on.”

“So the idea that this is all legacy and stuff is really not the case,” Boozman said. “I think that’s really important.”

Archuleta repeated the steps she described to the House last week that the agency has taken to increase security, including implementing two-factor authentication for accessing OPM systems and limiting access credentials to qualified staff.

The director’s first appearance before the House Oversight Committee last week failed to impress lawmakers in the lower chamber, many of whom accused Archuleta of making poor decisions in regard to the cybersecurity of OPM servers, suggested she wasn’t qualified for her job and lambasted her for the office’s lack of an appropriate apology to government employees. Several suggested she step down or be fired.

The breach, believed to have been opened a year ago and perpetrated by Chinese hackers, compromised private information including Social Security numbers, dates of birth and other background information belonging to up to 18 million federal employees, according to an estimate FBI Director James Comey recently gave Congress. So far, OPM has only confirmed an affected number of 4.2 million current, former, and prospective federal employees and contractors.

A second recent disclosure from investigators acknowledged a second security breach at OPM, exposing the information of millions of security clearance-wielding defense and intelligence agency federal employees, putting sensitive national security secrets at risk.

Included in those security clearance applications are the most intimate details of federal employees’ lives, including disclosures about histories with drugs, alcohol and sexual relationships — information often sought by foreign governments to use as blackmail in coercing federal employees to become informants.

Archuleta said the agency is providing 18 months of credit monitoring and identity theft insurance to federal employees affected by the breach and added OPM is working with law enforcement to safeguard federal employees in intelligence and law enforcement in danger of being targeted by criminals they have investigated or apprehended in the past.

The scope of the breach is still being investigated, according to the director, who added she would brief lawmakers further on the progress of the investigation in a classified briefing later Tuesday.

Follow Giuseppe Macri