Despite Jeopardizing Personal Data of Millions, Equifax Receives New Contract to Assist IRS in Identity Verification

United States Senators Ben Sasse (R-Neb.) and Elizabeth Warren (D-Mass.) today raised concerns about the recent decision by the Internal Revenue Service (IRS) to award Equifax a $7.2 million contract to handle sensitive taxpayer information, despite the company’s recent data breach exposing the personal information of over 145 million Americans. 

Earlier this week, the IRS posted the award of a new, short-term, $7.2 million sole-source contract with Equifax “to verify taxpayer identity and to assist in ongoing identity verification and validations needs of the” IRS.

“Right now, no businesses or consumers in Massachusetts or Nebraska would blindly trust Equifax to protect against fraud or handle sensitive personal information,” wrote the senators. “It is surprising that the IRS would choose to do so given its legal obligations to protect Americans’ privacy. The catastrophic breach at Equifax puts a significant burden on the company to earn any government contract, and on the IRS to explain fully why such a contract was awarded. If the IRS cannot sufficiently do so, this contract should be rescinded.”

The senators wrote to Commissioner John Koskinen, posing a series of questions about the department’s decision-making process for the contract, including whether or not Equifax had committed to new cybersecurity requirements in the wake of the breach. 

Senators Sasse and Warren both questioned former Equifax CEO Richard Smith during a Banking Committee hearing about the data breach earlier today. Senator Sasse also questioned Mr. Smith about the details of the company’s contract with the IRS. Senator Warren pressed him on how the company might profit from selling more fraud prevention services in the wake of its recent security breach.