By Debbie Gregory.
Equifax is set to receive $7.25 million to help the IRS identify taxpayers and prevent fraud under a no-bid contract. Equifax is currently embroiled in a massive security breach that exposed the personal information of some 145 million Americans.
The IRS said that it needed to outsource this work because it’s handling a dispute on a different contract that affects its ability to fulfill these duties.
According to the Federal Business Opportunities database, the contract is a “sole source order,” meaning Equifax is the only company deemed capable of providing the service.
The partnership between the IRS and Equifax has received bipartisan displeasure from both sides of the aisle. Lawmakers feel that it is irresponsible for the IRS to turn over millions in taxpayer dollars to a company that in the midst of one of the most massive data breaches in a decade.
“The Finance Committee will be looking into why Equifax was the only company to apply for and be rewarded with this,” said Sen. Ron Wyden (D-OR.) “I will continue to take every measure possible to prevent taxpayer data from being compromised as this arrangement moves forward.”
The IRS took a defensive position, saying that Equifax told the agency that none of its data was involved in the breach.
Equifax already provides similar services to the IRS under a previous contract.
While Equifax’s September data breach has mostly subsided, but the actual damage will play out for years. Attackers initially got into the customer portal through a vulnerability in the Apache Struts platform, an open-source web application. Apache disclosed and patched the relevant vulnerability some six months earlier.
Additionally, Equifax stored sensitive consumer information in plain text rather than encrypting it.
Equifax is one of three major credit reporting bureaus whose data determine consumer credit. This includes the credit information for those trying to qualify for mortgages, auto loans, credit cards, etc.
Do you think the IRS made the right decision?