Chaffetz renews call for OPM CIO's resignation

The chairman of the House Oversight and Government Reform Committee has renewed his call for the Office of Personnel Management to fire its CIO after an inspector general report found the agency violated federal acquisition policies in awarding a contract worth as much as $20.7 million.

"It is troubling that yet another IG report has found that [CIO Donna] Seymour failed to effectively fulfill her duties," wrote Rep. Jason Chaffetz (R-Utah) in a Dec. 10 letter to OPM Acting Director Beth Cobert. "Further, the results of the committee's ongoing investigation have validated the IG's initial concerns related to [the] OPM network infrastructure improvement project."

According to the IG’s report, OPM violated the Federal Acquisition Regulation and agency policies when it awarded a contract to Winvale Group and subcontractor CSIdentity to provide credit monitoring and identity theft services for the initial 4.2 million victims of the massive OPM data breach.

Specifically, the contract's work statement lacked a method of assessing the contractor's performance, and the $7.8 million blanket purchase agreement order exceeded a FAR limitation of $6.5 million, the report states. OPM agreed with all but one of the IG's findings.

OPM awarded the credit-monitoring contract on June 2, within five days of posting a solicitation, and the unusually fast turnaround time raised concerns.

The data of the 4.2 million people covered by the Winvale contract was compromised long before OPM knew it. Hackers began siphoning away data in that initial heist of personnel records in December 2014, but OPM officials did not know they had a problem until April 2015, according to an official timeline obtained by FCW.

Pressure on Seymour has mounted, and Chaffetz has called for her resignation multiple times since OPM revealed the full scope of the devastating breach, which ultimately compromised the personal information of 22.5 million current, former and prospective federal employees. Chaffetz and 17 other Republican lawmakers called for Seymour to step down just weeks after the breach was disclosed in June.

OPM spokesman Sam Schumach defended Seymour's record in an email to FCW.

"Since these incidents were discovered, OPM, under the direction of Ms. Seymour and now in partnership with OPM's new cyber security advisor, has continued to build upon our efforts to strengthen our broader cyber defenses and information technology systems, in partnership with experts throughout the federal government, and the private sector," Schumach said.

The agency also tried to deflect some of the criticism in the OIG report regarding the Winvale award. Schumach said that nothing in the report suggested that the outcome of the award was affected by issues in the the procurement process, although certain areas could have been improved.

"OPM is continuing to work to improve its contract compliance and oversight process, and appreciates the OIG's ongoing input into that process," Schumach said.

OPM Director Katherine Archuleta resigned in the wake of the hack. As Archuleta's successor, Cobert has backed Seymour despite growing congressional disapproval of the CIO's response to the data breach and discontent inside Seymour's own office.

Multiple people working in IT policy at OPM have described a stifling work environment under Seymour in which dissent is not encouraged. During her tenure, the agency has also struggled to come up with the money it needs for crucial IT modernization projects worth at least $117 million.