The Internal Revenue Service (IRS) awarded Equifax a multi-million dollar contract just weeks after the embattled credit reporting company admitted to being hit by possibly the worst data leak in history.
The $7.25 million no-bid contract asks Equifax to help verify “taxpayer identities” and assist “ongoing identity verification and validations.” Despite receiving harsh criticism from lawmakers and customers about the cybersecurity incident, Equifax was determined by the IRS to be the only company capable of providing the required service.
A contract award, posted to the Federal Business Opportunities website on Sept. 30, was first reported by Politico.
Equifax is getting slammed for its handling of the data breach, which it claims affected 145 million people, which is one in three Americans. The stolen data included social security numbers, addresses, driver’s license data, and birth dates. The fallout from the hack has seen three top executives leave the company, including Richard Smith, who served as CEO for 12 years. The company now faces multiple multi-billion dollar lawsuits that allege it was negligent by failing to spend money on safeguards against cyberattacks.
The company dug itself into a deeper hole for its immediate response after admitting the data breach. Customers were confused and angered by a troubling tool Equifax created for checking if individuals were affected by the attack. And the Justice Department is now investigating three employees who sold $1.8 million in stock shortly before the company disclosed the damaging incident.
Politicians from opposing parties have hit out at the IRS for handing the contract to Equifax.
“In the wake of one of the most massive data breaches in a decade, it’s irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed,” Senate Finance Chairman Orrin Hatch (R-Utah) told Politico.
The IRS defended its decision in a statement to Politico, citing a similar contract it previously awarded to Equifax.
“Equifax advised us that no IRS data was involved in their breach. Following an internal review and an on-site visit with Equifax, the IRS believes the service Equifax provided does not pose a risk to IRS data or systems. At this time, we have seen no indications of tax fraud related to the Equifax breach, but we will continue to closely monitor the situation.”
Representatives Suzan DelBene (D-Wash.) and Earl Blumensauer (D-Ore.) wrote to the IRS commissioner looking for answers as to why it would want to work with a company that failed to protect its customers.
“I was initially under the impression that my staff was sharing a copy of the Onion, until I realized this story was, in fact, true,” Blumenauer wrote.
The Daily Dot has reached out to Equifax and will update this article if we hear back.
H/T Gizmodo