Lawmakers question IRS’s $7.25M no-bid contract with Equifax

Leaders of the Senate Finance Committee said they were “taken aback” to find out the Internal Revenue Service has recently signed a $7.25 million contract with Equifax for verifying taxpayer identities after the company admitted to a massive data breach exposing the personal information of approximately half of all Americans.

Senate Finance Committee chairman Orrin Hatch, R-Utah, and ranking member Ron Wyden, D-Ore., sent a letter Wednesday to IRS Commissioner John Koskinen asking about why the agency would award a contract to Equifax after the company exposed the private information of more than 145 million Americans. The senators are investigating the impact of the data breach on Americans and federal agencies, and they asked Koskinen to explain the IRS’s rationale for trusting the company to aid with combating identity theft.

“We were taken aback when it came to our attention that last week the IRS awarded Equifax a sole source contract worth over seven million dollars for ‘verify[ing] taxpayer identity and ... assist[ing] in ongoing identity verification and validations needs of the Service,’” they wrote.

They asked Koskinen to help them better understand the IRS’s new and existing contracts with Equifax, and requested information including a copy of the contract and details on the services Equifax will perform. They also wondered, “Why was this awarded as a sole source contract especially in light of the recent breach?” and asked what steps the IRS is taking to ensure that Equifax is protecting taxpayer information. They also asked for a copy of every active contract between the IRS and Equifax, and they want the information no later than Oct. 11, 2017.

Equifax’s former CEO, Richard Smith, who resigned last week amid the outcry over the data breach, testified before Congress Tuesday and blamed an employee for making the error. He repeatedly apologized, however, saying, “As CEO, I was ultimately responsible for what happened on my watch. Equifax was entrusted with Americans’ private data and we let them down.”

Other lawmakers also reacted with shock at the deal, with one of them comparing it to an article on the satirical website the Onion. "It has come to my attention that on September 30th your agency awarded a sole source contract to Equifax to 'verify taxpayer identity' and 'assist in ongoing identity verification and validations,' I was initially under the impression that my staff was sharing a copy of the Onion, until I realized this story was, in fact, true," wrote Rep. Earl Blumenauer, D-Ore., in a separate letter to Koskinen. "As I’m sure you are aware, Equifax is the firm that appears to have been grossly negligent in allowing a massive data hack of the personal information of 145 million Americans. What’s more, this news was public in early September, giving your agency plenty of time to re-evaluate this decision. As a result, I am shocked that the IRS would contract with this firm for activities that they are clearly unfit to carry out."

Rep. Susan DelBene, D-Wash., also sent a letter to Koskinen outlining her concerns. “I write with deep concern over the recently reported decision by the Internal Revenue Service (IRS) to award a no-bid contract to Equifax,” she wrote. “I must question the IRS’ decision to move forward with this contract in light of the ongoing investigations into these incidents, and the general fitness of this company as a federal government contractor to perform functions that are not unrelated to the massive failures outlined above. I request a prompt response on the reasoning behind this decision, as well as a comprehensive explanation of alternatives to this seemingly reckless use of taxpayer dollars.”

Andrew Harrer/Bloomberg