Despite Massive Security Catastrophes, Equifax Wins a Multimillion-Dollar IRS Contract
After losing private information of over 145 million Americans, Equifax has managed to get another multimillion-dollar contract from the US government. The Internal Revenue Service (IRS) has awarded Equifax a $7.25 million contract to verify taxpayer identities and help prevent fraud under a no-bid contract that was issued after the disclosure of its mega data breach.
"This action was to establish an order for third party data services from Equifax to verify taxpayer identity and to assist in ongoing identity verification and validations needs of the Service."
Politico reports that the contract appears to have been finalized last week, with IRS giving Equifax exclusive rights to provide these services that include identity verification. The company's CEO who had to leave his position last week testified in front of lawmakers earlier today to respond to their concerns about the major security disaster(s) and how the credit reporting giant failed to disclose the breach in a timely manner, and then led victims to phishing sites.
Why a no-bid contract for Equifax?
Despite putting hundreds of millions of people at risk of identity theft, all seems to be going well for the company as it has managed to receive a government contract worth over $7.25 million. Published by the Department of the Treasury on September 30, the contract is a "sole source order" as IRS didn't ask for any competitive bids.
The agency is in a contract dispute with a former security provider and appeared to be in need of consumer protections. But, choosing Equifax begs a number of questions. The credit reporting company was breached twice in a year, and failed to comply with public notification regulations for months. The company CEO continued to present the megabreach as a non-issue until the company was pushed by the public and the lawmakers, forcing the CEO, CIO and the CISO to step down, who left with their golden parachutes - with the CEO taking off with at least $90 million.
However, the IRS believes the service Equifax will provide it doesn't pose a security risk to IRS data or systems, not responding to questions of how the agency is paying millions in taxpayer money when the company failed to protect the same people.
"At this time, we have seen no indications of tax fraud related to the Equifax breach, but we will continue to closely monitor the situation," the agency said in a statement. At this moment, no one believes if the tax agency is capable of "monitoring" the situation as it evidently missed reading last month's news headlines and memos from Congress.
Lawmakers who had to deal with the mess aren't happy with the IRS contract and justifiably so.
"In the wake of one of the most massive data breaches in a decade," Senate Finance Chairman Orrin Hatch (R-Utah) said in a statement, "it’s irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed."