Weeks after Equifax announced its worst-in-world-history breach, the IRS awarded the company a $7.5 million no-bid contract to prevent fraud.
The announcement attracted incredulity and derision, but the IRS pressed ahead…until this week, when it was revealed that Equifax had been hacked again and was serving malware to people who were trying to correct errors in their credit records.
That, finally, was the bridge too far for the tax-man. The IRS has (temporarily) yanked the contract. My guess is that they will try to quietly reinstate the contract later, with the tiniest, most obfuscated notice in the Federal Register. After all, the IRS single-sourced this contract because they said that Equifax is literally the only company in America with the data and skills to do the task they say they want done, so either the IRS pays another company a lot more to develop the capabilities, gives up on the project, or just waits until the heat is off and cuts a $7.5m check to the muppets at Equifax.
The agency does not believe that any data the IRS has shared with Equifax to date has been compromised, but the suspension was taken as "a precautionary step."
In the meantime, the IRS will be unable to create new "Secure Access" accounts, which can be used to order tax court transcripts online. Although people can't create new accounts, current Secure Access users aren't affected by this contract change and will continue to have access to their accounts, the agency said. And these transcripts can still be ordered by mail.
IRS suspends contract with Equifax after malware discovered