Official overseeing breached OPM computer systems retires ahead of House hearing

By ERIC YODER | The Washington Post | Published: February 23, 2016

WASHINGTON — A key official overseeing the government computer systems whose breaching resulted in the theft of the personal information of more than 22 million people announced her retirement effective immediately on Monday, two days before she was scheduled to appear at a House hearing.

Donna Seymour, chief information officer at the Office of Personnel Management, was in charge of the two databases breached in 2014, cyberthefts that were discovered and disclosed in mid-2015. That announcement and the concerns about the impact on those persons and on national security resulted in a series of contentious Capitol Hill hearings and repeated calls by the head of the House Oversight and Government Reform Committee that she be fired - calls that the Obama administration resisted.

"Leaving OPM at this time was a very tough decision for me, but I feel it is in the agency's best interest that my presence does not distract from the great work this team does every single day for this agency and the American people," Seymour said in a farewell message to OPM employees Monday afternoon.

An OPM spokesman said that Seymour was not available for comment.

Stolen in the incidents, reportedly originating in China, were personnel files on current and former federal employees plus background investigation files on them as well as on current and former military and contractor personnel, plus others on whom background checks were done for access to certain federal facilities. Both involved personal identifying information; in the latter, highly personal information disclosed on security clearance forms also was taken, as were fingerprints in many cases.

Seymour had been in the position for less than a year when the incidents occurred.

OPM Acting Director Beth Cobert said in an agency-wide email that Seymour "inherited enormous information technology challenges that were years in the making. Donna made significant progress in addressing those challenges. She helped modernize and enhance the security of OPM's IT systems, revamped the CIO's office, brought in new talent, consolidated and elevated the role of IT security, and worked to obtain the tools, resources and interagency expertise needed to improve OPM's capabilities."

"It was because of Donna and her team's actions that OPM identified the cyber breach of its system," U.S. CIO Tony Scott said in a statement. "In the subsequent weeks and months, they worked tirelessly to remediate the situation and embarked on the hard and necessary work to further improve the state of IT at OPM. We are in a significantly better place today because of Donna."

However, at House and Senate hearings last summer, members of both parties criticized her and then-OPM Director Katherine Archuleta - who soon afterward resigned - for failing to heed warnings from the agency inspector general that the systems were vulnerable and to take the immediate, strong steps the IG recommended. Several members also expressed frustration with their reticence to provide details of the incidents and the response.

The House Oversight Committee had scheduled a hearing for Wednesday at which Seymour was scheduled to testify, along with the agency's acting inspector general and a computer security official from the Department of Homeland Security, which has been involved in the response.

In the wake of her retirement, the hearing was canceled.

The chairman of that panel, Rep. Jason Chaffetz, R-Utah, called for Seymour's dismissal several times, most recently in December when the IG issued yet another in a string of reports criticizing agency management, focusing on a contract to notify victims of the personnel files breach and to provide credit monitoring and other services to them.

Earlier reports had criticized the repair effort as haphazardly planned and characterized Seymour's office as not responsive to its investigations. The administration recently announced that the Defense Department will take over responsibility for safeguarding background investigation data while a semi-independent office is to be created within OPM to perform those investigations.

Chaffetz said in a statement that Seymour's retirement "is good news and an important turning point for OPM. While I am disappointed Ms. Seymour will no longer appear before our Committee this week to answer to the American people, her retirement is necessary and long overdue. On her watch, whether through negligence or incompetence, millions of Americans lost their privacy and personal data. The national security implications of this entirely foreseeable breach are far-reaching and long-lasting. OPM now needs a qualified CIO at the helm to right the ship and restore confidence in the agency."

However, the ranking Democrat, Rep. Elijah Cummings, D-Md., said that the committee has "heard from numerous experts inside and outside the agency who have commended Ms. Seymour for her professionalism, her competence, and her aggressive response to the OPM data breach. Unfortunately, efforts by Republicans to blame her for the cyber attack on OPM are both unfair and inaccurate, and they set a terrible precedent that will discourage qualified experts from taking on the challenges our nation faces in the future."

The committee recently issued a subpoena to OPM for documents relating to the breaches. Cobert is scheduled to appear at a hearing before the panel Thursday on the planned changes in background investigations.