Equifax wins IRS’ identity verification contract despite suffering massive data breach
5 October 2017 |
Days after suffering a catastrophic data breach, US credit rating agency Equifax has won a contract by the IRS to verify identities of taxpayers.
The IRS said that awarding the contract to Equifax is risk-free as the service Equifax provided does not pose a risk to IRS data or systems.
Back in September, Equifax suffered a massive data breach that compromised details of millions of customers, including credit card details of over 209,000 citizens.
Not only did hackers get their hands on personal identifying information for approximately 182,000 U.S. consumers that included names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers, they also accessed names, dates of birth, email addresses, and telephone numbers belonging to over 400,000 UK citizens.
Following the breach, Equifax' CEO Richard Smith, its Chief Information Officer and its Chief Security Officer resigned and were replaced by interim heads. On 2nd October, Equifax announced that the number of consumers potentially impacted by the breach was 145.5 million, 2.5 million more than previously believed.
Despite the devastating effects of the breach which occurred due to Equifax' failure to update its systems with security patches when they were made available, the IRS sees no harm in awarding the credit rating agency a $7.25 million fraud prevention contract.
First reported by Politico, the terms of the contract will involve Equifax verifying identities of taxpayers and helping the IRS prevent fraudulent activities. The contract was also offered as a "sole source order" which meant that no other firm was able to bid for the contract.
"In the wake of one of the most massive data breaches in a decade, it’s irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed," said Senate Finance Chairman Orrin Hatch to Politico.
"The Finance Committee will be looking into why Equifax was the only company to apply for and be rewarded with this. I will continue to take every measure possible to prevent taxpayer data from being compromised as this arrangement moves forward," said Senator Ron Wyden who is also a member of the Finance Committee.
Even though lawmakers are seething over the contract being awarded to Equifax, that too as a sole source order, the IRS said that it believes the services offered by Equifax as per the terms of the contract will not impact its data or systems.
"Following an internal review and an on-site visit with Equifax, the IRS believes the service Equifax provided does not pose a risk to IRS data or systems. At this time, we have seen no indications of tax fraud related to the Equifax breach, but we will continue to closely monitor the situation," said the IRS in a statement.
Latest posts by Jay Jay (see all)
- Modern laptops vulnerable to cold-boot attacks, finds research - 21st September 2018
- Adoption of AI and machine learning tech far exceeds their security credentials - 21st September 2018
- ICO issues first-ever GDPR notice to data analytics firm that worked for Vote Leave - 21st September 2018
- Hackers stole $60 million in cryptocurrency from Japanese exchange - 20th September 2018
- NUUO’s global video surveillance software featured zero-day vulnerability - 20th September 2018