The IRS has backed out of a controversial multimillion-dollar contract with credit reporting agency Equifax amid concerns that the corporation should not be awarded any federal funds after it leaked sensitive data belong to hundreds of millions of people in an enormous data breach.
In a breach that stretched from mid-May through July, hackers gained unprecedented access to the person information belonging to 143 million consumers after Equifax – one of the nation’s three major credit reporting agencies – failed to properly protect and secure that data.
Despite the breach, Equifax was awarded a $7.25 million no-bid contract from the IRS to verify taxpayer identities and help prevent fraud, with the government agency deeming Equifax the only company able to provide the service.
Congress immediately questioned the move: “In the wake of one of the most massive data breaches in a decade, it’s irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed,” said Senate Finance Chairman Orrin Hatch (R-UT).
Sen. Sherrod Brown (D-OH) echoed the condemnation: “Suspending the IRS contract is only the first step. We cannot know taxpayers are protected until Equifax is banned from all federal contracts.”
On Friday, the IRS released a statement announcing that it had suspended the contract as a “precautionary step” pending a further look at Equifax’s security apparatus.
“During this suspension, the IRS will continue its review of Equifax systems and security,” the agency said. “There is still no indication of any compromise of the limited IRS data shared under the contract.”
Also on Friday, Equifax maintained that it is “the best party to perform the services required in this contract” and noted that it is “engaging IRS officials to review the facts and clarify available options.”