Only weeks after Equifax revealed details of a major security breach to its system, the IRS awarded a fraud prevention contract to the embattled company. The IRS finalized the $7.25 million contract on Sept. 29. In the contract, Equifax would provide verification and validation services for taxpayer identity.
“At first glance it doesn’t make a lot of sense,” said Beverly Harzog, a consumer credit expert and advocate. “Equifax knew about its breach well before they disclosed it, and the IRS knew about the breach when they made the award. I have to think there’s something going on behind the scenes.”
That something is that the IRS felt it had no choice but renew the fraud prevention contract with Equifax.
Did Equifax force the IRS into the fraud prevention contract?
According to the public document on the contract, which posted on Sept. 30, the contract with Equifax is a “sole source order.”
“That sole source order means that this was a no-bid contract,” said Harzog. “The IRS had some reason to believe that only Equifax can provide the verification services it needs.”
Based on the notice of the award, the reason for the sole source order is that the IRS wanted to resolve a protest.
During a hearing before the House Ways and Means Committee on the morning of Oct. 4, Jeffrey Tribiano, the Deputy Commissioner for Operations Support at the IRS said there were plans to award the new fraud prevention contract to another provider when Equifax’s contract ran out at the end of September.
Equifax, who had the contract previously, filed a bid protest in an effort to delay the process. The protest won’t be resolved until October 16, and the IRS can’t move on to another partner until the matter is resolved.
If the IRS hadn’t extended the contract with Equifax, said Tribiano, it would have been without validation services for more than two weeks. This would have left millions of Americans unable to verify their identity with the IRS. The contract has only been extended to cover the gap until the protest is resolved.
IRS suspends Equifax contract over potential new hack
After Equifax’s website was the subject of another potential hack in early October, this one encouraging visitors to download malware, the IRS suspended the short-term contract with Equifax.
“The contract suspension is being taken as a precautionary step as the IRS continues its review,” said the IRS in a statement released Oct. 12.
While Equifax investigates the matter, it has temporarily blocked users from creating new accounts with Secure Access.
Can Equifax still be trusted?
Questions surrounding Equifax’s trustworthiness have been circulating since the public learned of the massive hack that left more than 140 million Americans’ data vulnerable.
“I’d have a hard time trusting Equifax,” said Harzog. She cited some of the missteps along the way, starting with the fact that someone in the company didn’t apply a software patch suggested by the Department of Homeland Security. On top of that, Equifax handled the aftermath of the breach poorly, continuing to charge consumers for credit freezes before backtracking and offering free freezes until November 21, 2017. Equifax even used its Twitter account to send consumers to a fake site about the issue.
In testimony before a Congressional committee last week, former Equifax CEO Richard Smith (who stepped down on Sept. 26) apologized for the not protecting data. He then proceeded to point the finger at personnel who neglected to apply the patch and admitted that subsequent security scans failed to catch the vulnerability.
Despite how anyone feels about Equifax right now, the IRS felt it had little choice but to trust Equifax. Additionally, because Equifax is a major credit reporting agency, consumers have little choice but to hope that Equifax will be more vigilant going forward.
What does this mean for your private information?
In the end, said Harzog, there isn’t a whole lot you can do. “Until all this shakes out, you might want to put a freeze on your credit,” she suggested. “It won’t protect against fraudulent purchases made with a stolen credit card, but it can reduce the chance that a scammer will open a loan in your name.”
Harzog also recommended remaining diligent about your accounts now — and in the future. “I’m checking my accounts every day right now,” she said. “However, we live in a new reality. You will need to remain vigilant. Some hackers will sit on the information for a couple years to wait for the furor to die down.”
As for protecting your tax information? One of the biggest issues with tax fraud in recent years, said Harzog, is the fact that fraudsters can file a tax return using your information first. She suggested filing your tax return as early as possible so you get it in before fraudsters can throw a wrench in the process.
We live in a world that is increasingly vulnerable to information hacks. It’s no longer a matter of “if.” Stay on top of the situation so you can resolve it as quickly as possible when you discover your information is compromised.
This article was updated on Oct. 13, 2017.
Interested in refinancing student loans?Here are the top 6 lenders of 2018!
|Lender||Rates (APR)||Eligible Degrees|
|Get real rates from up to 4 Lenders at once
Check out the testimonials and our in-depth reviews!
|2.56% - 7.40%||Undergrad & Graduate||Visit SoFi|
|2.57% - 6.32%||Undergrad & Graduate||Visit Earnest|
|2.58% - 8.12%||Undergrad & Graduate||Visit Lendkey|
|2.80% - 7.02%||Undergrad & Graduate||Visit Laurel Road|
|2.54% - 6.65%||Undergrad & Graduate||Visit CommonBond|
|2.90% - 8.34%||Undergrad & Graduate||Visit Citizens|