Chaffetz Calls for Removal of OPM CIO (Updated)
Updated 12:50 p.m. | Rep. Jason Chaffetz, R-Utah, reiterated his call Thursday for the chief information officer at the Office of Personnel Management to step down in the wake of data breaches that affected millions of federal employees.
In a letter sent to acting OPM Director Beth Cobert, Chaffetz wrote that CIO Donna Seymour is “unfit to perform the significant duties for which she is responsible.” Chaffetz is chairman of the House Oversight and Government Reform Committee, which held lengthy hearings in June following two data breaches at OPM that affected more than 22 million current, former and prospective government employees. Chaffetz wrote that OPM Inspector General Patrick E. McFarland informed the committee Monday he had sent a memo to Cobert outlining a number of concerns about Seymour’s leadership.
McFarland’s memo to Cobert, dated July 22, alleges Seymour interfered with the IG’s work and provided inaccurate and misleading information to the IG, some of which former Director Katherine Archuleta, who resigned in July, repeated at congressional hearings.
In his memo, McFarland wrote that “recent events make OIG question whether the [Office of the Chief Information Officer] is acting in good faith.” Among his concerns were that the chief information officer failed to notify the IG about a “complex and costly IT infrastructure improvement project” it began in response to one of the data breaches.
McFarland also noted that Seymour’s office waited a week to inform IG of the first data breach, which involved personnel files of more than 4 million workers.
“Failure to include OIG investigators and auditors from the beginning of the incident impeded our ability to coordinate with other law enforcement organizations and conduct audit oversight activity,” McFarland wrote.
But it is not clear which incorrect or misleading information the CIO provided to the IG, which McFarland alleged was also repeated at congressional hearings. The portion of the memo detailing the information was entirely redacted.
McFarland noted the agency is preparing a response to the July 22 memo, which will be provided to the Oversight Committee.
In a Thursday afternoon statement in response to Chaffetz’s letter, an OPM spokesman appeared to signal that Seymour would remain in her position, and praised the work she had done to upgrade cybersecurity at OPM.
“As Acting Director Cobert indicated in her response to the Inspector General, in her first four weeks at OPM she has observed that the team, including the Office of the Chief Information Officer – working side-by-side with experts from across the Federal government – has been working incredibly hard to enhance the security of our information technology systems and support those who have been affected by the recent cybersecurity incidents,” said spokesman Samuel Schumach.
Schumach pointed out that since Seymour arrived at OPM in 2013, the agency has upgraded its cybersecurity systems, “adding numerous tools and capabilities.” Schumach noted, “These efforts were critical in helping OPM to identify the recent cybersecurity incidents.”
Questions still surround the breaches, two months after they were first reported, and more than a year after they were first discovered. Media reports have linked the breaches to China, but government officials have yet to publicly name who was behind the cyberattacks.
White House Press Secretary Josh Earnest was asked Tuesday if the government was any closer to identifying the actor that stole personnel and background check information. Earnest responded, “I don’t have any additional information on that. There has been obviously extensive public speculation about the attribution of some of those concerning actions in cyberspace. But I don’t have any new information to share publicly today.”
The breach spanned all three branches of government, affecting congressional staffers and lawmakers . According to a notice posted on the internal House website, OPM set up a special hotline for congressional staff on July 10, the same day the agency announced the breaches affected more than 22 million workers, to answer their questions about the breaches.
See photos, follies, HOH Hits and Misses and more at Roll Call’s new video site.
Get breaking news alerts and more from Roll Call in your inbox or on your iPhone.