IRS Awards $7.25M Fraud-Prevention Contract To Equifax Despite Failure To Secure Consumers’ Data

Image courtesy of pjpink

This week, various members of Congress are verbally flogging Equifax over the recently revealed data breach that compromised the personal information of around 145 million people. Meanwhile, the folks down the road at the Internal Revenue Service apparently aren’t concerned about incompetence, awarding Equifax a multimillion-dollar contract for — sigh — fraud-prevention services.

The $7.2 million identity verification contract was awarded on Sept. 29, less than a month after Equifax revealed that its systems had been the subject of a months-long data breach.

What’s The Work?

Under the contract, Equifax will provide data services to “verify taxpayer identity and to assist in ongoing identity verification and validation” needs of the agency.

What’s that mean exactly? Well, first that Equifax will use its services to verify taxpayer identities.

Second — and this is the kicker — the credit reporting agency will also work to help prevent fraud.

Yes, prevent fraud. That’s a funny thing, considering, according to Equifax’s own ex-CEO Richard Smith, the company failed to identity for four months the fact that hackers were hanging out inside its systems, syphoning personal information for millions of consumers.

Of course, the type of fraud Equifax will be charged with preventing under the IRS contract is different — mainly dealing with detecting when a person is using someone else’s information to file a tax return.

Still, that type of fraud could be tied to Equifax. After all, with millions of consumers’ personal information now up for grabs thanks to the company’s breach, it wouldn’t be entirely surprising if someone bought that data and used it to file a fraudulent tax return.

Why Equifax?

The contract, which was posted to the Federal Business Opportunities data base, is described as “sole source order.”

This essentially means that Equifax is, for some reason, the only company capable of providing the services.

That’s not entirely surprising considering there are only three major credit reporting agencies in the U.S. — Equifax, Experian, and TransUnion.

Equifax is still the largest of the three and has done the job in previous years, and so — massive hack notwithstanding — the agency still considers it the best choice for the job.

A rep for the IRS tells Politico that the Equifax assured it that none of its data was involved in the breach.

“Following an internal review and an on-site visit with Equifax, the IRS believes the service Equifax provided does not pose a risk to IRS data or systems,” the IRS statement reads. “At this time, we have seen no indications of tax fraud related to the Equifax breach, but we will continue to closely monitor the situation.”

Not Happy About It

News of Equifax’s shiny new contract came just after former CEO Smith answered questions during a congressional hearing Tuesday.

Unsurprisingly, many lawmakers were not thrilled with the contract.

Senate Finance Chairman Orrin Hatch (UT) told Politico that awarding the contract to Equifax was “irresponsible” given the recent breach.

Oregon Senator Ron Wyden told Politico that the Finance Committee would look into why Equifax was the only company be considered for the contract.