Days after suffering a catastrophic data breach, US credit rating agency Equifax has won a contract by the IRS to verify identities of taxpayers.
The IRS said that awarding the contract to Equifax is risk-free as the service Equifax provided does not pose a risk to IRS data or systems.
Back in September, Equifax suffered a massive data breach that compromised details of millions of customers, including credit card details of over 209,000 citizens.
Not only did hackers get their hands on personal identifying information for approximately 182,000 U.S. consumers that included names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers, they also accessed names, dates of birth, email addresses, and telephone numbers belonging to over 400,000 UK citizens.
Following the breach, Equifax' CEO Richard Smith, its Chief Information Officer and its Chief Security Officer resigned and were replaced by interim heads. On 2nd October, Equifax announced that the number of consumers potentially impacted by the breach was 145.5 million, 2.5 million more than previously believed.
Despite the devastating effects of the breach which occurred due to Equifax' failure to update its systems with security patches when they were made available, the IRS sees no harm in awarding the credit rating agency a $7.25 million fraud prevention contract.
First reported by Politico, the terms of the contract will involve Equifax verifying identities of taxpayers and helping the IRS prevent fraudulent activities. The contract was also offered as a "sole source order" which meant that no other firm was able to bid for the contract.
"In the wake of one of the most massive data breaches in a decade, it’s irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed," said Senate Finance Chairman Orrin Hatch to Politico.
"The Finance Committee will be looking into why Equifax was the only company to apply for and be rewarded with this. I will continue to take every measure possible to prevent taxpayer data from being compromised as this arrangement moves forward," said Senator Ron Wyden who is also a member of the Finance Committee.
Even though lawmakers are seething over the contract being awarded to Equifax, that too as a sole source order, the IRS said that it believes the services offered by Equifax as per the terms of the contract will not impact its data or systems.
"Following an internal review and an on-site visit with Equifax, the IRS believes the service Equifax provided does not pose a risk to IRS data or systems. At this time, we have seen no indications of tax fraud related to the Equifax breach, but we will continue to closely monitor the situation," said the IRS in a statement.