The Internal Revenue Service (IRS) has awarded Equifax a $7.25 million fraud-prevention contract following the company’s massive security breach which affected over 140 million consumers.
According to Politico, “The IRS will pay Equifax $7.25 million to verify taxpayer identities and help prevent fraud under a no-bid contract issued last week.”
“The credit agency will ‘verify taxpayer identity’ and ‘assist in ongoing identity verification and validations’ at the IRS, according to the award,” Politico’s reported. “The notice describes the contract as a ‘sole source order,’ meaning Equifax is the only company deemed capable of providing the service. It says the order was issued to prevent a lapse in identity checks while officials resolve a dispute over a separate contract.”
In September, it was reported that Equifax had been the victim of a large cyberattack, which potentially left over 140 million consumers’ personal information vulnerable.
Following the attack, Equifax blamed the attack on a single employee who failed to implement a patch. However, according to Tech Crunch, “a patch for that vulnerability had been available for months before the breach occurred.”
The company faced further controversy following the discovery that Equifax’s Terms of Service included a clause in their security assistance website which barred consumers from being able to sue the company before they removed it following consumer backlash.
It was also revealed that the company had been encouraging consumers to visit the wrong security website, a fake, which could have easily been used as a phishing scam and taken more information.
Several lawmakers have criticized the IRS’ decision, including Rep. Suzan DelBene (D-WA) and Earl Blumenauer (D-OR), the latter of which claimed, “I was initially under the impression that my staff was sharing a copy of the Onion, until I realized this story was, in fact, true.”
Senate Finance Chairman Orrin Hatch (R-UT) and Sen. Ron Wyden (D-OR) also criticized the IRS over the contract in separate comments.
“In the wake of one of the most massive data breaches in a decade, it’s irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed,” declared Sen. Hatch to Politico.
In his own comment, Sen. Wyden added, “The Finance Committee will be looking into why Equifax was the only company to apply for and be rewarded with this. I will continue to take every measure possible to prevent taxpayer data from being compromised as this arrangement moves forward.”
In a statement, the IRS defended their decision, declaring, “Following an internal review and an on-site visit with Equifax, the IRS believes the service Equifax provided does not pose a risk to IRS data or systems.”
“At this time, we have seen no indications of tax fraud related to the Equifax breach, but we will continue to closely monitor the situation,” they proclaimed.
Last month, the U.S. Justice Department reportedly “opened a criminal investigation into the sale of Equifax stock by high-ranking executives just days before the company revealed they had been the subject of a massive data breach,” while Equifax CEO Richard Smith retired from his position a week later.