UPDATE: Senators want answers on Equifax $7 million no-bid contract to protect consumer data
By Andrea Riquier
Is Equifax the only company that can assist the government in protecting taxpayer identities?
Two senators are raising concerns about a contract awarded to Equifax by the Internal Revenue Service to verify the identities of taxpayers, just weeks after the data company said a security breach had compromised the identities of 143 million Americans (http://www.marketwatch.com/story/equifax-breach-risks-143-million-americans-data-stock-plunges-13-2017-09-07) over the course of several months this year.
Senators Ben Sasse, a Republican from Nebraska, and Elizabeth Warren, a Massachusetts Democrat, wrote to IRS Commissioner John Koskinen Thursday, after reports emerged that the tax agency had awarded a $7.2 million no-bid contract to Equifax(EFX) on September 30.
That news broke even as the company's CEO was facing questions on Capitol Hill about the security breach and Equifax's management of it.
Also read:Former Equifax CEO apologizes for data breach in congressional testimony (http://www.marketwatch.com/story/former-equifax-ceo-apologizes-for-data-breach-in-congressional-testimony-2017-10-02)
The contract specifies that Equifax will "verify taxpayer identity and assist in ongoing identity verification and validation needs of the IRS." It was designated a "sole-source" contract, meaning that the government believes Equifax is the only company capable of providing this service.
But, as the two senators noted in a release: "Right now, no businesses or consumers in Massachusetts or Nebraska would blindly trust Equifax to protect against fraud or handle sensitive personal information. It is surprising that the IRS would choose to do so given its legal obligations to protect Americans' privacy."
Sasse and Warren, described by their press officers as one of the Senate's "most conservative members" and one of the "most liberal members," asked the IRS for more information on the decision-making for the contract, including whether Equifax had committed to new security requirements.
They also said that the scale of the breach over the summer "puts a significant burden on the company to earn any government contract, and on the IRS to explain fully why such a contract was awarded. If the IRS cannot sufficiently do so, this contract should be rescinded."
Also read: Were you impacted by the Equifax breach? You risk financial chaos by doing nothing (http://www.marketwatch.com/story/equifax-breach-why-you-should-freeze-your-credit-report-today-2017-09-14)
-Andrea Riquier; 415-439-6400; AskNewswires@dowjones.com
(END) Dow Jones Newswires
10-06-17 0815ETCopyright (c) 2017 Dow Jones & Company, Inc.