Lawmakers demand answers on IRS contract with Equifax
Lawmakers want to know why the IRS is awarding a multimillion dollar contract to Equifax after the credit rating company suffered a massive hack that compromised the information of more than 145 million Americans.
“Right now, no businesses or consumers in Massachusetts or Nebraska would blindly trust Equifax to protect against fraud or handle sensitive personal information,” wrote Sens. Elizabeth Warren (D-Mass.) and Ben Sasse (R-Neb.) on Wednesday.
“It is surprising that the IRS would choose to do so given its legal obligations to protect Americans’ privacy,” Warren and Sasse continued. “The catastrophic breach at Equifax puts a significant burden on the company to earn any government contract, and on the IRS to explain fully why such a contract was awarded. If the IRS cannot sufficiently do so, this contract should be rescinded.”
{mosads}
Despite the hack, IRS gave Equifax a $7 million contract to help the agency with fraud prevention services.
The contract is to “verify taxpayer identity and to assist in ongoing identity verification and validations needs of the Service,” according to a federal contract filing.
Equifax failed to update a patch in its software before the hack. There were more missteps after the breach. Equifax directed consumers checking to see if they were affected to the wrong website and charged some to take action to protect their data.
The company’s former CEO testified before multiple committees this week, where lawmakers vented their frustration.
The IRS has defended the contract as a stopgap measure.
Jeffrey Tribiano, IRS deputy commissioner for operations support, spoke to a House Ways and Means Committee hearing about IRS information technology infrastructure on Wednesday. He said the agency is just extending a contract for services Equifax already provides until they can find a new vendor.
“We had to either, one, stop the service, which means millions of taxpayers would not be able to get their transcripts, including those that are in need of it — like in the hurricane disaster areas, they use those tools to get their transcripts — or do a bridge contract with Equifax until [the Government Accountability Office] decides on the protest, and we move forward,” he told lawmakers.
It’s unclear if those answers will be enough for Congress.
On Wednesday, Senate Finance Committee Chairman Orrin Hatch (R-Utah) and Ranking Member Ron Wyden (D-Ore.) also penned a letter to IRS Commissioner John Koskinen raising questions about the decision to award the contract.
Rep. John Ratcliffe (R-Texas), chairman of the House Homeland Security subcommittee on cybersecurity, has even urged the Department of Homeland Security to review and potentially block the contract.
“A multi-million dollar contract with a company that just recently displayed cybersecurity negligence of epic proportions is significantly degrading to public trust,” Ratcliffe said Wednesday night.
The IRS insists it does not think its data is at risk.
“Equifax advised us that no IRS data was involved in their breach,” the IRS said Tuesday. “Following an internal review and an on-site visit with Equifax, the IRS believes the service Equifax provided does not pose a risk to IRS data or systems.”
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed..