Equifax's negligence exposed the personal data of more than 145 million consumers to hackers and identity thieves, but that didn't stop the IRS from paying the credit reporting agency $7.25 million to help the agency prevent fraud.
Lawmakers had tough questions for Equifax's former CEO Richard Smith on Tuesday and Wednesday about how the breach happened, and why Smith believed Equifax was in a position to assist the IRS.
“You realize to many Americans right now that it looks like we’re giving Lindsay Lohan the keys to the mini bar,” said Sen. John Neely Kennedy (R-La.).
What's in the contract?
The no-bid contract was awarded to Equifax on Sept. 29, for Equifax to verify taxpayer identities and assist in ongoing identity verification and validations for the IRS.
The contract (you can find it here) was awarded to Equifax as a sole-source order because it was determined that Equifax was the only company capable of providing the necessary services.
"The Finance Committee will be looking into why Equifax was the only company to apply for and be rewarded with this," said Sen. Ron Wyden (D-Ore.). "I will continue to take every measure possible to prevent taxpayer data from being compromised as this arrangement moves forward."
Is there any justification?
The IRS said it is confident that Equifax's handling of the contracted tasks does not pose any risk to IRS data.
"Following an internal review and an on-site visit with Equifax, the IRS believes the service Equifax provided does not pose a risk to IRS data or systems. At this time, we have seen no indications of tax fraud related to the Equifax breach, but we will continue to closely monitor the situation.”
Smith said he wasn't familiar with the full details of the contract, but he said he thought it was for work Equifax was already doing for the IRS and this was just a renewal.
The IRS knows data breaches
The IRS can likely empathize with what Equifax is going through, as it has had severe data breaches in the past, including last year when more than 700,000 Social Security numbers were stolen, and another recent breach that resulted in millions of dollars worth of student loans being fraudulently stolen by hackers.