Equifax wins IRS’ identity verification contract despite suffering massive data breach

Equifax wins IRS’ identity verification contract despite suffering massive data breach

Equifax to pay up to £561m to settle multiple data breach complaints

Days after suffering a catastrophic data breach, US credit rating agency Equifax has won a contract by the IRS to verify identities of taxpayers.

The IRS said that awarding the contract to Equifax is risk-free as the service Equifax provided does not pose a risk to IRS data or systems.

Back in September, Equifax suffered a massive data breach that compromised details of millions of customers, including credit card details of over 209,000 citizens.

Not only did hackers get their hands on personal identifying information for approximately 182,000 U.S. consumers that included names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers, they also accessed names, dates of birth, email addresses, and telephone numbers belonging to over 400,000 UK citizens.

Following the breach, Equifax' CEO Richard Smith, its Chief Information Officer and its Chief Security Officer resigned and were replaced by interim heads. On 2nd October, Equifax announced that the number of consumers potentially impacted by the breach was 145.5 million, 2.5 million more than previously believed.

Despite the devastating effects of the breach which occurred due to Equifax' failure to update its systems with security patches when they were made available, the IRS sees no harm in awarding the credit rating agency a $7.25 million fraud prevention contract.

First reported by Politico, the terms of the contract will involve Equifax verifying identities of taxpayers and helping the IRS prevent fraudulent activities. The contract was also offered as a "sole source order" which meant that no other firm was able to bid for the contract.

"In the wake of one of the most massive data breaches in a decade, it’s irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed," said Senate Finance Chairman Orrin Hatch to Politico.

"The Finance Committee will be looking into why Equifax was the only company to apply for and be rewarded with this. I will continue to take every measure possible to prevent taxpayer data from being compromised as this arrangement moves forward," said Senator Ron Wyden who is also a member of the Finance Committee.

Even though lawmakers are seething over the contract being awarded to Equifax, that too as a sole source order, the IRS said that it believes the services offered by Equifax as per the terms of the contract will not impact its data or systems.

"Following an internal review and an on-site visit with Equifax, the IRS believes the service Equifax provided does not pose a risk to IRS data or systems. At this time, we have seen no indications of tax fraud related to the Equifax breach, but we will continue to closely monitor the situation," said the IRS in a statement.

Copyright Lyonsdown Limited 2021

Top Articles

With cyber attacks on the rise, the Royal Family seeks a cyber security expert

The Royal Household is looking for a cyber security engineer to monitor networks and protect digital systems from hacking attacks.

Colonial Pipeline paid $5 million in ransom to DarkSide ransomware group

Colonial Pipeline paid $5 million to the DarkSide ransomware group to restore operations within hours after a ransomware attack paralysed fuel supplies in the U.S. east coast.

HSE forced to shut down computer systems due to 'significant cyber attack'

Ireland's public healthcare system, HSE, has been forced to shut down its computer systems as hospital administrators became aware of a 'significant ransomware attack' on Thursday evening.

Related Articles