Donna Seymour is stepping down, amid repeated calls for her ouster following last summer’s massive breach of 21.5 million private records on national security personnel and family members.
This story has been updated.
Donna Seymour, Office of Personnel Management chief information officer, is stepping down, amid repeated calls for her ouster following last year's massive breach of 21.5 million private records on national security personnel and family members.
Seymour and other federal officials were scheduled to testify before the House Oversight and Government Reform Committee on Wednesday about the hack, an alleged Chinese espionage operation. It would have marked her third appearance since the multi-year attack became public in June.
Seymour, a 37-year career federal employee who had served as the agency’s CIO since December 2013, is retiring, OPM announced Monday.
The Republican-led committee, which has been intensely critical of OPM leadership’s handling of the data breach, cancelled Wednesday’s hearing immediately after releasing a statement on Seymour's retirement.
"On her watch, whether through negligence or incompetence, millions of Americans lost their privacy and personal data,” said Chairman Rep. Jason Chaffetz, R-Utah, who had called for her removal at least five times. “The national security implications of this entirely foreseeable breach are far-reaching and long-lasting. OPM now needs a qualified CIO at the helm to right the ship and restore confidence in the agency.”
The lead Democrat on the Oversight committee, however, says Republican charges against Seymour are “inaccurate.”
In a statement, acting OPM Director Beth Cobert said Seymour “inherited enormous information technology challenges that were years in the making,” but that Seymour “made significant progress in addressing those challenges. She helped modernize and enhance the security of OPM’s IT systems, revamped the CIO’s office, brought in new talent, consolidated and elevated the role of IT security, and worked to obtain the tools, resources and interagency expertise needed to improve OPM’s capabilities.”
In an email to OPM staff, Seymour said leaving the agency “was a very tough decision for me, but I feel it is in the agency’s best interest that my presence does not distract from the great work this team does every single day for this agency and the American people.”
Chaffetz had repeatedly called for Seymour to step down, alleging she mismanaged the agency’s response to the hack. The agency’s inspector general last year criticized Seymour’s office for failing to follow federal contracting rules in awarding a contract for post-breach notification services and for unreliable cost accounting related to a multimillion IT security upgrade project.
Deputy IG Norbert E. Vint also had been scheduled to speak before the panel Wednesday.
Chaffetz said, “While I am disappointed Ms. Seymour will no longer appear before our committee this week to answer to the American people, her retirement is necessary and long overdue.”
Earlier this month, Chaffetz’s committee subpoenaed Cobert over documents relating to the massive breach he said the agency had still not turned over. Cobert’s predecessor, former OPM Director Katherine Archuleta, resigned in July following bipartisan outrage over her handling of the incident.
In a statement, Rep. Elijah Cummings, D-Maryland, the ranking Democratic member of the oversight committee, pointed out the initial infiltration of OPM files predated Seymour’s tenure as CIO and said numerous experts had “commended” Seymour for her “aggressive response” to the hack.
“Unfortunately, efforts by Republicans to blame her for the cyberattack on OPM are both unfair and inaccurate, and they set a terrible precedent that will discourage qualified experts from taking on the challenges our nation faces in the future,” Cummings said.
Weighing in on Seymour's resignation, U.S. Chief Information Officer Tony Scott highlighted the departing CIO's efforts to bolster federal cyber defenses.
"Indeed, it was because of Donna and her team's actions that OPM identified the cyber breach of its systems," Scott said in a statement. "In the subsequent weeks and months, they worked tirelessly to remediate the situation and embarked on the hard and necessary work to further improve the state of IT at OPM. We are in a significantly better place today because of Donna. I wish her all the best."
There’s no word yet on Seymour’s replacement. In an email to the OPM workforce, Cobert said she would be “in touch shortly about new leadership.”
Jack Moore contributed to this report.