Amid the second malware incident, the credit reporting agency Equifax on October 12, 2017, temporarily lost a fraud prevention contract worth $7.25 million with the Internal Revenue Service (IRS) that it had received on September 29, 2017. As a precautionary measure, the multi-million-dollar deal was put on hold after the discovery of an adware installer on Equifax’s website.
Noting that the tax-collecting agency will continue its review of Equifax systems and security, the IRS spokesperson Matthew Leas said “following new information available, the IRS temporarily suspends its short-term contract with Equifax for identity proofing services. There is still no indication of any compromise of the limited IRS data shared under the contract.”
An alert on the IRS website says “This service is unavailable for new users at this time. If you already have an account, please continue the login process. We apologize for any inconvenience.”
IRS’ no-bid contract drew lot of criticism from members of Congress from both political parties as well as from ordinary citizens.
Senator Orrin Hatch, R-Utah, chairman of the Senate Finance Committee told AP “Given that Equifax failed to secure their own systems and provide timely notifications of a massive security breach, they should have never been an option for hire by the IRS.”
Republican Representatives Greg Walden and Robert Latta told Reuters in a joint statement said “from its initial announcement, the timing and nature of this IRS-Equifax contract raised some serious red flags…we are pleased to see the IRS suspend its contract with Equifax”.
After the suspension, breach-beleaguered Equifax said, “We remain confident that we are the best party to perform the services required in this contract. We are engaging IRS officials to review the facts and clarify available options.”
“Since we learned that the third party vendor was “running code that was serving malicious content”, the code was removed from the webpage and we have taken the webpage offline to conduct further analysis”, it further said.
In September this year, Equifax came under scanner after the personal data of 145.5 million users was reportedly hacked. The stolen data included social security numbers, birth dates and addresses, and in some cases driver’s license numbers. The massive breach resulted in the stepping down of its CEO Richard Smith.