A new government watchdog report says the Office of Personnel Management violated federal procedures when it awarded a $20 million contract to a company that is providing identity theft protection to millions of current and former federal workers who had their data stolen.
The report from the OPM’s inspector general found that the agency failed to abide by Federal Acquisition Regulation or OPM’s own policies and procedures in awarding the contract. “As a result, the wrong contracting vehicle was utilized … and millions of taxpayer dollars were put at risk for waste or loss,” the report stated.
OPM awarded the contract to the Winvale Group and its subcontractor, CSIdentity, to protect 4.2 million current and former federal government employees who had their information stolen in a breach of the agency. Information on more than 22 million individuals who have applied for security clearances from the U.S. government was exfiltrated this year in a breach linked to the Chinese government.
House Oversight Committee Chairman Jason Chaffetz, R-Utah, reacted to the report by saying the lead official in charge of technology issues at OPM should be fired.
“I write once again to augment my concerns that Ms. Donna Seymour, Chief Information Officer for the Office of Personnel Management, is unfit to perform the significant duties for which she is responsible,” Rep. Jason Chaffetz, R-Utah, said in a letter to OPM Acting Director Beth Cobert. “On at least five separate occasions, I have expressed my lack of confidence in Ms. Seymour’s management.”
At the behest of lawmakers, former OPM director Katherine Archuleta resigned in July. However, Seymour has refused to leave, and Chaffetz has been calling for her resignation since June.
“It is troubling that yet another IG report has found that Ms. Seymour failed to effectively fulfill her duties,” Chaffetz’s Thursday letter said. “Further, the results of the committee’s ongoing investigation have validated the IG’s initial concerns related to OPM network infrastructure improvement project.”
“The record is clear that six months after the American people first learned about OPM’s spectacular failure at securing sensitive personal information, change is needed in the Office of the Chief Information Officer,” Chaffetz concluded.
