The IRS is set to pay Equifax, the credit reporting firm reeling from a massive data leak, $7.25 million to protect taxpayers’ identities and prevent fraud.
The federal tax-collecting agency awarded Equifax a contract through a “sole source order,” which means that the federal government deemed only one supplier capable of delivering the related services.
Equifax’s duty will be “to verify taxpayer identity and to assist in ongoing identify verification and validations needs,” according to a synopsis of the contract. The contract was awarded Sept. 29 by the Department of Treasury, and was first reported by Politico on Oct. 3.
Equifax announced in early September that roughly 143 million U.S. customers likely had personal information stolen due to a large-scale data breach. This number was updated to 145.5 million customers as of Tuesday.
Cyber criminals infiltrated the corporation’s website application and leaked data like names, birth dates, addresses, social security numbers, and for some, drivers licenses and credit card numbers, according to the credit reporting firm.
This is “clearly a disappointing event for our company,” Chairman and CEO Richard F. Smith said in a press release before leaving the company in disgrace.
Congress peppered Smith with critical questions Tuesday during a Congressional hearing.
“It’s like the guards at Fort Knox forgot to lock the doors and failed to notice the thieves were emptying the vaults,” Republican Rep. Greg Walden of Oregon said, reports the Los Angeles Times. “How does this happen when so much is at stake? I don’t think we can pass a law that fixes stupid.”
“How could 225 professionals let a breach like this happen?” asked Democratic Rep. Gerald McNerney of California, according to USA Today.
Not everyone at Equifax had the correct “professional” qualifications. The now-dismissed chief security officer allegedly had a music composition degree, rather than a formal certificate in computer science, cybersecurity, or something pursuant to protecting virtual systems.
The issue wasn’t just the data leak itself, but other circumstances happening during the aftermath.
Equifax was alerted to a software security vulnerability back in March, but failed to patch it properly for months, according to a recent Reuters report. The company also set up a website dedicated to helping customers find out if they were affected by the breach, but accidentally sent them to a phony site in September.
The company’s terms and conditions contract, and the website set up for virtual assistance, both had stipulations written in the fine print that said receiving any help may legally waive their right to a lawsuit. Such legalese caught the ire of New York Attorney General Eric Schneiderman, a Democrat, among other public officials.
Three high-ranking executives sold nearly $1.8 million worth of stock just days after the company detected a large-scale data breach, according to Bloomberg. During the hearing, Smith denied that they did anything wrong, arguing, “They’re honorable men. They’re men of integrity.”
Due to the enormous breach and such details, lawmakers, both Democrat and Republican, harshly criticized the IRS’s decision to work with and pay Equifax.
“In the wake of one of the most massive data breaches in a decade, it’s irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed,” Senate Finance Chairman Orrin Hatch, a Republican from Utah, told Politico.
Democratic Sen. Ron Wyden of Oregon, the second in line for the committee, agreed.
“The Finance Committee will be looking into why Equifax was the only company to apply for and be rewarded with this,” Wyden told Politico. “I will continue to take every measure possible to prevent taxpayer data from being compromised as this arrangement moves forward.”
Equifax provided assistance under a previous contract, and the new “short-term contract” was awarded to “prevent a lapse in service,” the IRS told The Daily Caller News Foundation.
“Equifax advised us that no IRS data was involved in their breach,” the agency said in a statement obtained by TheDCNF. “Following an internal review and an on-site visit with Equifax, the IRS believes the service Equifax provided does not pose a risk to IRS data or systems. At this time, we have seen no indications of tax fraud related to the Equifax breach, but we will continue to closely monitor the situation.”
Send tips to eric@dailycallernewsfoundation.org.
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.