Just hours after Equifax CEO Rick Smith wrapped up his testimony before the House Energy and Commerce committee – the first in a series of Congressional “fact-finding missions” about the hack – Politico reported that the IRS last week awarded the disgraced credit monitoring bureau with a $7.25 no-bid contract even as the company struggled to address suspicions that it mislead investors and customers by withholding information about one of the most damaging data breaches in US history.
Equifax famously waited more than a month to disclose that hackers had infiltrated its servers and absconded with the sensitive financial information of more than 140 million customers, sparking widespread outrage that only intensified after reporters discovered that several of the company’s senior executives – including its CFO – cashed out of shares and options in the weeks before the company came clean about the hack.
According to the terms of the IRS contract, Equifax would be responsible for verifying taxpayer identities and help prevent fraud under a no-bid contract issued last week.
As if the IRS’s decision to entrust the disgraced credit bureau with sensitive taxpayer data wasn’t galling enough, the agency seemingly fast-tracked the contract by classifying it as a “sole source order” – a designation that allows the agency to circumvent the bidding process by claiming a given vendor is the only one capable of executing the contract. However, the agency’s justification for this designation is baffling, considering that there are two other credit bureaus in the US that offer a nearly identical suite of services.
The notice describes the contract as a “sole source order,” meaning Equifax is the only company deemed capable of providing the service. It says the order was issued to prevent a lapse in identity checks while officials resolve a dispute over a separate contract.