Lawmaker Calls for More Heads to Roll at OPM Amid Alleged Interference With Hack Investigations

A lawmaker is calling on a member of the Office of Personnel Management’s leadership to resign in relation to the hacks of data maintained by the agency and its ensuing response, but the leader is defiantly promising to stay on.

If this sounds familiar, that’s because it is.

OPM Chief Information Officer Donna Seymour is in a similar position as recently resigned agency director Katherine Archuleta, but whether Seymour will meet the same fate remains to be seen.

Rep. Jason Chaffetz, R-Utah, chairman of the House Oversight and Government Reform Committee, renewed on Thursday his call for Seymour to step down in a letter to acting Director Beth Cobert. Chaffetz cited a recent claim from OPM’s inspector general that Seymour’s office has withheld information from and deliberately deceived the auditors investigating the hacks and OPM’s response.

Seymour’s first offense, the IG originally said in a recent letter to Cobert later forwarded to Chaffetz and the oversight committee, was shielding the auditors from the fact that personnel records had been breached for a full week. This prevented the IG from conducting oversight and coordinating with law enforcement agencies in a more timely fashion, said Patrick McFarland, OPM’s IG.

Later, during the investigation into the second breach of background investigation data, Seymour’s office told the IG’s office it could not attend meetings between the CIO, the FBI and the Homeland Security Department because the IG’s presence would “interfere” with their work. This violated federal statute, said McFarland, who eventually circumvented Seymour by going directly to the FBI and DHS to meet with them.

Finally, Seymour reportedly did not inform the IG’s office that it had begun a major overhaul of OPM’s “IT environment.” It took one year for the IG to find out the full scope of the initiative, which prevented the auditors from identifying “serious deficiencies and flaws” in the project.

Examples of Seymour providing incorrect and misleading information to the IG were redacted in documents made public by the oversight committee.

“In the past, the OIG has had a positive relationship with the OCIO,” McFarland wrote. “Although the OIG may have identified problems within the OCIO’s areas of responsibility, we all recognized that we were on the same team, and the OCIO would leverage our findings in an effort to bring much needed attention and resources to OPM’s IT program. Unfortunately, this is no longer the case, and indeed, recent events make the OIG question whether the OCIO is acting in good faith.”

McFarland originally sent his letter to Cobert on July 22, but -- at the behest of the acting director -- it was just sent to committee members this week. Chaffetz said there was no reason Seymour should still be at OPM.

“It has been two weeks since the IG informed you of these serious transgressions and Ms. Seymour is still in a position of trust at the agency,” Chaffetz wrote. “Ms. Seymour has already failed the American people with her inability to secure OPM’s networks, and to learn that her office may be actively interfering with the work of the inspector general only adds insult to injury.”

Chaffetz originally called for Seymour to resign on June 26 for her perceived failures in preventing the hacks. His letter was signed by 17 other House Republicans.

Cobert has already responded to McFarland’s letter, an OPM spokesman said, defending Seymour for “working incredibly hard to enhance the security” of OPM’s networks. The spokesman noted Seymour has been a career civil servant for 37 years and has made significant improvements to OPM’s IT infrastructure.

“The recent results of the Cybersecurity Sprint demonstrate the progress that has been made, although everyone recognizes there is more to do,” said Sam Schumach, the spokesman. “Since Ms. Seymour’s arrival at OPM in late 2013, OPM has undertaken an aggressive effort to upgrade the agency’s cybersecurity posture, adding numerous tools and capabilities to its various legacy networks. These efforts were critical in helping OPM to identify the recent cybersecurity incidents.”

McFarland said the IG’s office will release a report on OPM’s response to the hacks “in a few weeks.”