Contractor Working on OPM’s Cyber Upgrades Suddenly Quits, Citing 'Financial Distress'

Update: In a statement provided May 16, the company said it was restricted from “fully discussing” its work with OPM because of a confidentiality agreement. “There is much more to the story than is currently being reported,” the statement continued. “The company is confident that as and when the full facts are publicly available, they will  completely contradict the mischaracterization of the company’s performance being reported at this time."

The contractor responsible for the hacked Office of Personnel Management’s major IT overhaul is now in financial disarray and no longer working on the project.

OPM awarded the Arlington, Virginia-based Imperatis Corporation a sole-source contract in June 2014 as part of an initial $20 million effort to harden OPM’s cyber defenses, after agency officials discovered an intrusion into the agency’s network.

In the past week, however, Imperatis ceased operations on the contract, citing “financial distress,” an OPM spokesman confirmed to Nextgov.

After Imperatis employees failed to show up for work May 9, OPM terminated Imperatis’ contract for nonperformance and defaulting on its contract.

“DHS and OPM are currently assessing the operational effect of the situation and expect there to be very little impact on current OPM operations,” OPM spokesman Sam Schumach said in a statement to Nextgov. Schumach said OPM had been planning for performance on the contract to end in June 2016.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Work on the contract went toward developing a more secure IT environment, dubbed “the shell,” in which to house sensitive files. Last summer, after work on the contract had already started, OPM announced a much larger breach of personnel records and background investigations forms affecting more than 21.5 million. Officials pledged to accelerate work on the IT upgrade plan.

Claire McCaskill, the ranking Democrat on the Homeland Security and Governmental Affairs’ investigations subcommittee, wrote to OPM and the Homeland Security Department, which also holds contracts with the company.

In the May 13 letter, McCaskill, D-Mo., said she is “concerned that Imperatis’ default may now delay OPM’s much-needed IT infrastructure and security fixes,” and requested OPM describe its contingency plans for the critical technology upgrades in a briefing with the senator’s staff.

A spokeswoman for the Imperatis Corporation did not return phone calls or emails from Nextgov. The voicemail box for the company’s CEO, Mastin M. Robeson, was full and no longer accepting messages Friday afternoon. The “Leadership” page of the Imperatis website, which once listed company executives, is now blank.

In the wake of the OPM hack last summer, lawmakers questioned the agency’s decision to rush work to Imperatis without competition from other companies.

In a “flash audit” issued last summer, OPM’s former inspector general raised several concerns about the agency’s overall IT upgrade plans, including the use of the sole-source contract and unreliable cost estimates for the overhaul.

OPM’s sole-source contract with Imperatis only covered the initial planning phases of the contract, agency officials testified under oath during a congressional hearing last summer.

However, officials later acknowledged Imperatis was working on later phases of the contract, according to a follow-up IG report.

The IG contended  "any involvement" by the contractor "violates federal acquisition regulations,” and stressed that “conflicting statements from OPM officials regarding this contract are extremely concerning.”

Current acting OPM Director Beth Cobert, in a Sept. 3 letter, told the IG Imperatis assistance is needed because of "the expertise and knowledge they have developed during the design and implementation" of the project.

OPM has already spent more than $67 million on the IT upgrade plan, Cobert told lawmakers during a House hearing in March. In its fiscal 2017 budget request, the agency is seeking $37 million in additional funding for the project.

This isn’t the first time Imperatis Corporation has come under scrutiny. Under a previous name, Jorge Scientific, the company held nearly $1 billion in contracts with the Army when employees were recorded in cellphone videos reportedly drinking on the job and injecting drugs.