IRS rewards Equifax with multi-million dollar fraud-prevention contract after massive data breach

The breach exposed the personal data of more than 145 million Americans.

Richard F. Smith, former chairman and CEO of Equifax. CREDIT: AP Photo/Carolyn Kaster
Richard F. Smith, former chairman and CEO of Equifax. CREDIT: AP Photo/Carolyn Kaster

Credit monitoring firm Equifax has been awarded a $7.25 million no-bid contract to help prevent fraud, despite the fact that the company is reeling from a security breach that exposed the personal data of more than 145 million Americans.

The breach, which was discovered in July but not made public until September, is believed to be one of the largest identity thefts in American history. Credit card numbers, names, addresses, driver’s license and Social Security numbers were all exposed, enabling hackers to buy and sell the information over the internet for years to come.

But despite this massive cyber-security lapse, the Internal Revenue Service (IRS) still awarded the company a multi-million dollar contract on September 30 — the last day of the fiscal year — to “verify taxpayer identity and to assist in ongoing identity verification and validation needs of the Service,” Politico reported Tuesday.

The contract was described as a “sole source order,” meaning Equifax was the only company capable of providing the service, according to Politico. “This is considered a critical service that cannot lapse,” the contract added.


In wake of the data breach fiasco, Equifax offered free identity theft services to those who’d been affected by the hack — but those people had to agree not to participate in class-action arbitration later on. The identity service’s Terms of Use explicitly states that its customers are banned from entering “any arbitration on a class or representative basis.”

The company is also facing scrutiny after revelations emerged that senior executives had sold off nearly $2 million worth of stock just days after the company discovered the data breach, but more than a month before the hack was revealed to the general public. A spokeswoman for Equifax said that the three executives who sold the shares had “no knowledge that an intrusion occurred” when they sold the stock. But earlier in September, the Justice Department announced a criminal investigation to discover whether or not the top executives violated insider trading laws.

On Tuesday Equifax CEO Richard Smith, who was forced to resign because of public furor over the hack, was subject to an intense scrutiny by lawmakers on Capitol Hill — the first in a series of four public hearings.

“It’s like the guards at Fort Knox forgot to lock the doors,” Rep. Greg Walden (R-OR) told Smith during the hearing, adding that he openly wondered if the company had protocols to deal with data breaches. “How does this happen when so much is at stake?” Walden said. “I don’t think we can pass a law that fixes stupid.”

Smith testified that the hack was due to one person’s oversight. “The human error was that the individual who’s responsible for communicating in the organization to apply the [security] patch did not,” he told the committee. He also maintained that the three executives who sold the stock were “men of integrity” and that he had no indication they were aware of the breach when they sold their shares.

But lawmakers did thank Smith for helping to create a rare moment of bipartisanship on Capitol Hill.

“Mr. Smith, it seems to me that you’ve accomplished something that no one else has been able to accomplish, Rep. Anna Eshoo (D-CA) said. “That is you have brought Republicans and Democrats together in outrage and distress and frustration over what’s happened because this is huge.”