IRS hands fraud prevention contract to Equifax despite massive hack
You’d think that government agencies would be reticent to work with Equifax given that it just exposed the private info of more than 145 million people through a preventable hack, but a massive data breach apparently isn’t enough of a deterrent. The Internal Revenue Service recently awarded Equifax a fraud prevention contract that will have it verifying taxpayer identities. And crucially, it was a no-bid, “sole source” contract — Equifax was deemed the only company capable of fulfilling demand.
In practice, officials didn’t have much of a choice. Credit reporting in the US is dominated by three large companies (Equifax, Experian and TransUnion), and Equifax is arguably the powerhouse of the bunch. However, that only underscores the problem here: the IRS had to trust a crucial anti-fraud system to a company that not only had sloppy online security practices, but has been reluctant to take full responsibility for its mistakes.
There’s a real chance that the hack will get Equifax to clean up its act in time to improve its handling of IRS data. We wouldn’t count on it, though, and there’s always the possibility that the IRS will fall afoul of the kind of data breach that prompted this anti-fraud contract in the first place.