The chairmen of the House Oversight and Government Reform Committee and two of its subcommittees have told OPM that they remain concerned about the security of federal employee personal information, three years after disclosure that a federal personnel records database and a background investigation database had been breached, resulting in the theft of personal information on more than 20 million people.
“The modernization of legacy IT systems at OPM is critical to protect mission-critical data and systems from future incidents,” they said in a letter to newly installed director Jeff Pon, but OPM “has a documented history of information security program failures, culminating in one of the most devastating U.S. government agency data breaches in history.”
They cited a recent IG report concluding that OPM “is continuing to make the same mistakes” that plagued an earlier IT initiative and noted that the IG previously reported that OPM’s failures to heed its warnings contributed to the breaches.
The latest report concluded that OPM “had not done the work necessary to support a well-developed, comprehensive IT capital budgeting modernization plan,” they wrote.
Further, they said, OPM has not carried out recommendations of a 2016 report the committee issued on the data breaches. “The agency appears unable to fully modernize its legacy IT systems due to an outdated and ineffective approach to managing major IT projects,” they said, while asking for a briefing on current efforts.
