Twenty-two days after Equifax announced its failures put the identities of 143 million Americans at risk, the IRS awarded Equifax a no-bid identity management contract.
The IRS Award Notice says little, except this: "This action was to establish an order for third-party data services from Equifax to verify taxpayer identity and to assist in ongoing identity verification and validations needs of the Service."
It's a service that Equifax currently provides the IRS. So why didn't the Internal Revenue Service put the service out for bid? The agency claims there was not enough time. "This is considered a critical service that cannot lapse."
The news broke just hours after former Equifax CEO Richard Smith apologized to a congressional committee for the breach. He shared details of the Equifax breach discovery and incident response timeline and detailed what the Equifax InfoSec team has done to increase cybersecurity since the breach.
Several U.S. Senators told Politico they are upset that a company that put identities at risk was given a no-bid contract relating to ensuring identities.
"In the wake of one of the most massive data breaches in a decade, it’s irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed," Senate Finance Chairman Orrin Hatch told the political news outlet.
Note: Equifax now says more than 145 million Americans had their information accessed during the breach.
There is more to come on the Equifax mega breach, so follow SecureWorld on LinkedIn, Twitter, or Facebook.
