U.S. Senator Bill Cassidy, chair of the Senate Health, Education, Labor, and Pensions (HELP) Committee, has criticized OPEXUS for not adequately protecting sensitive federal government information after a cyber breach involving the company. OPEXUS is a significant software service provider for the U.S. government.
The breach occurred early last year when two former OPEXUS employees, both previously convicted of hacking federal agencies, destroyed and stole government documents, including those from the Equal Employment Opportunity Commission (EEOC). The individuals have been criminally charged.
“At a time when cybersecurity incidents are only increasing in frequency, it is important that those who have access to this data take their responsibility to protect public and private stakeholders seriously,” wrote Dr. Cassidy. “These incidents raise significant concerns about OPEXUS’s internal processes to safeguard sensitive information.”
In his letter to OPEXUS CEO Mr. Langsam, Senator Cassidy raised questions about the company's hiring practices and its handling of employee access following revelations about the employees' criminal backgrounds. According to Cassidy's letter:
“Securing access to critical information technology (IT) is essential to ensure that sensitive government and consumer information is not misused. At a time when cybersecurity incidents are only increasing in frequency, it is important that those who have access to this data take their responsibility to protect public and private stakeholders seriously.
The recent cybersecurity breach involving OPEXUS raises questions about the company’s commitment to robust cyber practices. OPEXUS offers a number of products for state, local, and federal agencies, including tools to manage Freedom of Information Act (FOIA) requests, workflow management, and agency audit and investigation activities. OPEXUS explicitly states that ‘security should be at the forefront of everything we do.’
Contrary to this stated commitment, OPEXUS recently employed two individuals who previously pleaded guilty and received prison sentences for hacking federal agencies, specifically the Department of State. Despite their criminal records, OPEXUS was unaware of this information when the two individuals were hired in 2023 and 2024, respectively, although OPEXUS claims that both individuals underwent background checks prior to their employment.
After learning about their criminal history in February 2025, the two individuals were terminated. However, prior to losing access to OPEXUS’ systems, these individuals allegedly destroyed and exfiltrated a number of government documents, including those belonging to the Equal Employment Opportunity Commission (EEOC). This incident resulted in several federal agencies temporarily losing access to its FOIA systems.
These developments raise significant concerns about OPEXUS’ internal processes to safeguard sensitive information. To that end, I ask that you answer the following questions by February 24, 2026.”
Cassidy asked why employee system access was not immediately revoked upon termination and what safeguards existed against deletion or theft of data. He also questioned whether deleted databases were recovered and requested details on which government agencies were affected by the breach.
He further sought clarification on how OPEXUS screens prospective employees before hiring and whether audits or additional screenings are conducted for current staff members. Cassidy noted: “OPEXUS has previously stated that the two terminated employees had undergone background checks prior their employment, but that ‘additional diligence should have been applied.’ What lapses to OPEXUS’ pre-employment processes has it identified that led to the two terminated employees prior criminal convictions being missed? What remedial steps has OPEXUS implemented to its pre-employment processes?”
Cassidy also asked if credit monitoring or financial indemnification would be provided for people whose personal information may have been exposed as a result of the incident.
The Senate Health, Education, Labor, and Pensions Committee plays an important role in legislating on public health issues as well as overseeing federal regulations affecting health and education across the United States (official website). The committee also provides oversight for laws related to labor policy and manages oversight responsibilities for agencies such as FDA and NIH (official website). In the 119th Congress, Bill Cassidy served as chair (official website).
For updates from HELP Republicans visit their website or Twitter at @GOPHELP.
