This Isn't A Joke: The IRS Just Hired Equifax To Safeguard Taxpayer Data

Just hours after Equifax CEO Rick Smith wrapped up his testimony before the House Energy and Commerce committee – the first in a series of Congressional “fact-finding missions” about the hack - Politico reported that the IRS last week awarded the disgraced credit monitoring bureau with a $7.25 no-bid contract even as the company struggled to address suspicions that it mislead investors and customers by withholding information about one of the most damaging data breaches in US history.

Equifax famously waited more than a month to disclose that hackers had infiltrated its servers and absconded with the sensitive financial information of more than 140 million customers, sparking widespread outrage that only intensified after reporters discovered that several of the company’s senior executives – including its CFO – cashed out of shares and options in the weeks before the company came clean about the hack.

According to the terms of the IRS contract, Equifax would be responsible for verifying taxpayer identities and help prevent fraud under a no-bid contract issued last week.

As if the IRS's decision to entrust the disgraced credit bureau with sensitive taxpayer data wasn't galling enough, the agency seemingly fast-tracked the contract by classifying it as a “sole source order” – a designation that allows the agency to circumvent the bidding process by claiming a given vendor is the only one capable of executing the contract. However, the agency's justification for this designation is baffling, considering that there are two other credit bureaus in the US that offer a nearly identical suite of services.

The notice describes the contract as a "sole source order," meaning Equifax is the only company deemed capable of providing the service. It says the order was issued to prevent a lapse in identity checks while officials resolve a dispute over a separate contract.

Lawmakers from both parties demanded an explanation from the agency, which has endured several memorable data-security lapses – including a 2015 breach that exposed the sensitive financial information of more than 100,000 taxpayers.

Reps. Suzan DelBene (D-Wash.) and Earl Blumenauer (D-Ore.) separately penned letters to IRS Commissioner John Koskinen demanding he explain the agency's rationale for awarding the contract to Equifax and provide information on any alternatives the agency considered. "I was initially under the impression that my staff was sharing a copy of the Onion, until I realized this story was, in fact, true," Blumenauer wrote.

Senate Finance Committee Chairman Orrin Hatch criticized the agency’s decision as “irresponsible.”

"In the wake of one of the most massive data breaches in a decade, it’s irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed," Senate Finance Chairman Orrin Hatch (R-Utah) told POLITICO in a statement.

Hatch raised concerns about the IRS’s cybersecurity practices in a letter sent to the agency’s head last month. To help the agency improve its data-security safeguards, Congress recently allocated $106.4 million to bolster the agency’s identity theft protections.

Hatch questioned the agency's security systems in a letter to Koskinen last month. Hatch said he was concerned that the IRS lacked the technology necessary "to safeguard the integrity of our tax administration system."

Ron Wyden said the Finance Committee would seek to verify whether Equifax was really the only company capable of executing the contract, as the agency insisted.

The committee's ranking member, Sen. Ron Wyden (D-Ore.), piled on: "The Finance Committee will be looking into why Equifax was the only company to apply for and be rewarded with this. I will continue to take every measure possible to prevent taxpayer data from being compromised as this arrangement moves forward.”

In defending its decision, the IRS claimed that Equifax said that none of its data was involved in the data breach.

The IRS defended its decision, saying Equifax has told the agency that none of its data was affected by the breach. The agency also noted that Equifax already provides “similar services” to the agency under a different contract.


"Following an internal review and an on-site visit with Equifax, the IRS believes the service Equifax provided does not pose a risk to IRS data or systems," the statement reads. "At this time, we have seen no indications of tax fraud related to the Equifax breach, but we will continue to closely monitor the situation."

Given that Equifax waited more than a month to disclose the hack to the public – and has bungled seemingly every step in its response to the hack - the fact that the IRS justified its decision by, in effect, saying "they told me everything is fine" is hardly reassuring. As Yahoo demonstrated just last night, the true scope of cyber-security intrusions sometimes takes years to uncover, which is precisely why sticking with Equifax is a risky. Yahoo, of course, revealed yesterday that a 2013 data breach impact all 3 billion of the company’s user accounts – three times the one billion accounts previously reported by the company.

As lawmakers have suggested, when determining which companies should be trusted to safeguard tax payers' most sensitive financial data, the agency should've erred on the side of caution.


JimmyJones MagicHandPuppet Wed, 10/04/2017 - 15:57 Permalink

In other news the earth is flat, well at least that is what the internet says these days.  Also Black people are pissed about their Great Great Great Great Great grand daddy being a slave and want white people that have no history in their family of owning slaves and may of actually helped free them to pay today for it.  I think we can still get more stupid but Hey I am trying here.

In reply to by MagicHandPuppet

Never One Roach JimmyJones Wed, 10/04/2017 - 16:15 Permalink

/* Style Definitions */
{mso-style-name:"Table Normal";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";
Yahoo, says all 3 billion accounts affected in 2013 hack… I am surprised this alt left web site, yahoo, is still in business. It's 99% far left propganda these days worse then CNN since yahoo pretends to be unbiased.

In reply to by JimmyJones

konadog Never One Roach Wed, 10/04/2017 - 17:38 Permalink

Y! is dead to anyone with an IQ above room temp. I once used Yahoo Finance for a quick look at things before digging into the 10Q, form 4 history, 10K and so on, but it was transformed by Marissa into a steaming worthless dung heap. Most finance types I know feel the same way and have left Y! for dead on the side of the road. It's a real pity because Y! was once a very cool and useful site. Marissa and her Bangalore crew took care of that problem.

In reply to by Never One Roach