Three weeks after Equifax experienced a massive data breach affecting 145 million Americans, the IRS awarded the credit monitoring company a $7 million sole-source contract to help prevent tax fraud, according to contracting documents.
News of the contract dumbfounded members of Congress Wednesday, one day after recently resigned Equifax Chief Executive Officer Richard Smith told lawmakers on the Hill that Equifax did not, for example, encrypt sensitive consumer information on its servers.
“This is beyond an abject failure, it’s a management failure,” said Rep. Jackie Walorski, R-Ind., speaking to IRS officials called in to testify before a House Ways and Means subcommittee Tuesday.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
“We have contracts being signed in the middle of an investigation into the biggest data breach in the history of this country,” Walorski said.
Others in Congress decried the IRS’ decision to employ Equifax to “assist in ongoing identity verification and validations” and “verify taxpayer identity” while the company struggles to assess how and why its servers were compromised. The chairman and ranking member of the powerful Senate Finance Committee—Sens. Orrin Hatch, R-Utah, and Ron Wyden, D-Ore., respectively—took issue with the contract and suggested an investigation was imminent in emailed statements to Politico.
Sen. Maggie Hassan, D-N.H., also took ire with the decision in a tweet.
“This must be investigated immediately,” she said.
Jeffrey Tribiano, the IRS’ deputy commissioner for operations support, tried to downplay the tax-collecting agency’s deal with Equifax, calling it a “bridge contract.”
Speaking before the Ways and Means oversight subcommittee, Tribiano said the IRS recompeted the contract—already held by Equifax—earlier this year and awarded it to another vendor, Experian Information Solutions. Equifax, however, protested the government’s decision in July, and the Government Accountability Office did not render a decision in the case before the contract was set to expire on Sept. 29, the final day of the federal government’s fiscal year.
“When we came down to Sept. 29 when the Equifax contract expired, we had to either stop service, which meant millions of taxpayers would no longer be able to get their transcripts—like those in need in hurricane disasters areas—or do a bridge contract with Equifax until GAO decides on the protest and we move forward,” Tribiano said.
GAO’s decision is due Oct. 16. GAO can either deny, dismiss or sustain the protest.
Meanwhile, Smith is scheduled to testify before the Senate Banking Committee, a Senate Judiciary subcommittee and the House Financial Services Committee later this week.