By Aaron Kesel
You can’t make this up. The IRS awarded Equifax with a multi-million dollar fraud prevention no-bid contract despite that its own execs committed market fraud when they sold shares before telling the public they were hacked.
The IRS will pay Equifax $7.25 million to help verify taxpayer identities and prevent fraud under a no-bid contract issued last week.
The credit agency will “verify taxpayer identity” and “assist in ongoing identity verification and validations” at the IRS, according to the award.
The award describes the contract as a “sole source order,” which means Equifax is the only company held capable of providing the service. The order was issued to prevent a lapse in identity checks while officials resolve a dispute over a separate contract.
Both Republican and Democrat lawmakers bashed the IRS decision as irresponsible and horrible.
“In the wake of one of the most massive data breaches in a decade, it’s irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed,” Senate Finance Chairman Orrin Hatch (R-Utah) told POLITICO in a statement.
“The Finance Committee will be looking into why Equifax was the only company to apply for and be rewarded with this. I will continue to take every measure possible to prevent taxpayer data from being compromised as this arrangement moves forward,” Sen. Ron Wyden (D-Ore.) said.
Reps. Suzan DelBene (D-Wash.) and Earl Blumenauer (D-Ore.) also expressed their distaste for the deal writing letters to IRS Commissioner John Koskinen demanding he explains why the agency awarded the contract to Equifax as well as provide information on any alternatives they may have considered.
“I was initially under the impression that my staff was sharing a copy of the Onion, until I realized this story was, in fact, true,” Blumenauer wrote.
The IRS defended its decision in a statement, stating that Equifax told the agency that none of its data was involved in the breach and that Equifax already provides similar services to the IRS under a previous contract.
“Following an internal review and an on-site visit with Equifax, the IRS believes the service Equifax provided does not pose a risk to IRS data or systems,” the statement reads. “At this time, we have seen no indications of tax fraud related to the Equifax breach, but we will continue to closely monitor the situation.”
Early last month Equifax was hacked exposing the personal information of as many as potentially 150 million Americans, which included social security numbers, birth dates, and other private information.
Afterwards three executives sold off $1.8 million dollars of the companies stock before telling the public. The Justice Department opened a criminal investigation into those three Equifax executives.
Another fun fact: the identity verification systems the IRS uses are made by credit-rating agency Equifax. The system, known as Knowledge-Based Authentication, or KBA, asks questions based on a person’s credit history, such as “On which of the following streets have you lived?” or “What is your total scheduled monthly mortgage payment?”
If that’s not enough Quartz reports that in 2015, the Equifax KBA system was hacked in a data breach that resulted in the loss of more than 700,000 tax records.
Former Equifax CEO Richard Smith was put in front of congressional committee hearing this week and apologized for mistakes which led to the massive breach.
Smith additionally called for an end to Social Security numbers, claiming the country needed “to think beyond” the identifiers.
“What is a better way to identify consumers in our country in a very secure way? I think that way is something different than an SSN, a date of birth and a name,” he said, according to Bloomberg.
With two breaches under its belt including one involving an IRS system can any person state one valid reason to give Equifax a $7.25 million contract; and tell me how on earth the firm is still seen as “capable” to do the job?
Hat tip: MassPrivateI