Only one IT aide currently working directly for members of Congress has ever completed a background check, members’ data have been improperly mixed with other members’ data, and members provided almost no supervision, officials revealed Thursday in a House hearing spurred by “egregious” violations by former IT aide Imran Awan.

Members of Congress threw “$10 million” in additional funding to the [chief administrative officer (CAO)] in order to enhance their cybersecurity program” in June 2017. The move followed repeated cybersecurity threats against members of Congress, including the detection of what an IG report called “unauthorized access” by Awan. They also had the CAO and others propose how best to clamp down on vulnerabilities. But the CAO revealed Thursday that members blocked the resulting proposal, which called for eliminating Awan’s job category, that of a floating IT aide accountable only to members.

System administrators like Awan “hold the ‘keys to the kingdom,’ meaning they can create accounts, grant access, view, download, update, or delete almost any electronic information within an office,” Inspector General Michael Ptasienski said at the House hearing.

“A rogue system administrator could inflict considerable damage to an office and potentially disclose sensitive information, perform unauthorized updates, or simply export or delete files,” he continued. “A rogue system administrator could take steps to cover up his/her actions and limit the possibility that their behavior being detected or otherwise traced back to them.”

House Chief Administrative Officer Phil Kiko testified that experts found