IRS gives Equifax a sweetheart deal

  • 6 October 2017
  • NormanL
IRS gives Equifax a sweetheart deal

Equifax, the giant credit bureau that gathers, and sells, information on millions of Americans, is still reeling from the massive data breach that exposed much of that data to hackers, and its subsequent bungling in response to the crime. While that story is still unfolding, the company did manage to land a big government contract...with the IRS. And it has, quite rightly, raised a lot of eyebrows:

The IRS will pay Equifax $7.25 million to verify taxpayer identities and help prevent fraud under a no-bid contract issued last week, even as lawmakers lash the embattled company about a massive security breach that exposed personal information of as many as 145.5 million Americans.

A contract award for Equifax's data services was posted to the Federal Business Opportunities database Sept. 30 — the final day of the fiscal year. The credit agency will "verify taxpayer identity" and "assist in ongoing identity verification and validations" at the IRS, according to the award.

The notice describes the contract as a "sole source order," meaning Equifax is the only company deemed capable of providing the service. It says the order was issued to prevent a lapse in identity checks while officials resolve a dispute over a separate contract.

Lawmakers on both sides of the aisle blasted the IRS decision.

As well they should. Equifax's lax security measures, botched response, and continued fumbling has left its corporate reputation in tatters, and left millions of people open to possible identity theft. That it still managed to get a sweetheart contract with the IRS? That's genuinely shocking.

The IRS defended its decision in a statement, saying that Equifax told the agency that none of its data was involved in the breach and that Equifax already provides similar services to the IRS under a previous contract.

"Following an internal review and an on-site visit with Equifax, the IRS believes the service Equifax provided does not pose a risk to IRS data or systems," the statement reads. "At this time, we have seen no indications of tax fraud related to the Equifax breach, but we will continue to closely monitor the situation."

That's rich. The IRS was the source of an earlier security breach that exposed the personal data of hundreds of thousands of American taxpayers, which resulted in a surge of tax refund fraud. And yes, Equifax contributed to that problem, too.

We can chide the IRS for its decision. We can heap scorn on Equifax for its ineptness. But uniting the two entities to stand guard over the public's tax information strikes us as a crude attempt at comedy. Surely, this is a joke. A bad joke. They can't be serious.

But by current reporting accounts, the IRS is serious about going ahead with the deal.

What could possibly go wrong? Everything. Go here for suggestions on what you should do to protect your credit.