Equifax IRS Contract Awarded Despite Data Breach

Senators from both sides of the aisle seemed shocked during a Senate Banking, Housing, and Urban Affairs Committee hearing on October 4th that Equifax, the credit reporting company that suffered a data breach that affected more than 145 million people, has received a no-bid $7.25 million contract with the IRS to provide taxpayer and personal identity verification services. The goal of the contract is to help prevent fraud for the IRS.

Former Equifax CEO Richard Smith was testifying at the second of four congressional hearings this week regarding the details of the Equifax data breach, in which hackers accessed names, Social Security numbers, birth dates, addresses, and driver’s license numbers of over 145 million consumers from May to July. The company waited until September to disclose this information. Lawmakers want to know what the company is going to do to aid consumers who have been affected by this breach. Smith has since retired from the company, but could stand to earn up to as much as $90 million based on the terms of his stock compensation.

Sen. Ben Sasse (R-Neb.) was particularly critical of Smith and Equifax. During the hearing, Sasse asked, “Can you explain to the American people, not just as consumers who have been exposed and breached here, but as taxpayers, why in the world should you get a no-bid contract right now?” In a statement to Politico, Senate Finance Chairman Orrin Hatch (R-Utah) said, “In the wake of one of the most massive data breaches in a decade, it’s irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed.” The Senate Finance Committee’s ranking member, Sen. Ron Wyden (D-Ore) further added, “The Finance Committee will be looking into why Equifax was the only company to apply for and be rewarded with this. I will continue to take every measure possible to prevent taxpayer data from being compromised as this arrangement moves forward.”

According to the IRS, Equifax already provides similar services to the agency under a previous contract. The contract award was as a “sole source order”, meaning Equifax was deemed the only company capable of providing the service. Smith indicated that he did not know many details about the contract, but knew that it was work that Equifax had done for the IRS in the past. He specifically stated that the contract was, “to prevent fraudulent access to the IRS.” Based on the details of the data breach and Equifax’s poor response to the breach, it seems logical that not just lawmakers, but the average consumer, would be a little surprised by this contract award. Oregon Democratic Representative Earl Blumenauer said his initial reaction when he heard of the contract was that he thought that his staffers had shared with him a post from the satirical website The Onion. With the congressional hearings taking place this week, the timing of the IRS contract award seemingly could not be worse. The IRS has defended the decision, stating, “At this time, we have seen no indications of tax fraud related to the Equifax breach, but we will continue to closely monitor the situation.” In the past, the IRS has dealt with its own substantial data breaches, which leads many to be even more wary of the IRS-Equifax contract renewal. In addition to the congressional hearings, the United States Department of Justice has opened a criminal investigation into three top Equifax officials for possible insider trading related to the timing of stock sales after the data breach.