Equifax just can’t seem to get out of its own way.
Not long ago, the company suffered a massive data breach which saw the sensitive information of more than 145 million consumers exposed.
As a result, congressional hearings were convened, and the CEO resigned in disgrace. Amazingly, though, despite these events, the IRS opted to award the company a contract worth $7.5 million for its help and expertise in verifying taxpayer identification to prevent identity theft.
The irony did not escape the notice of security professionals around the world, who wrote literally hundreds of Op-ed and protest pieces.
Then, Equifax got hacked again. The company’s website was found to have been hacked, redirecting users to a malicious site that sent them to download adware.
Almost as soon as the issue was discovered, Equifax took the page down, insisting that this latest hack was due to a third-party contractor and did not constitute another breach of their network. However, that explanation was insufficient to the IRS, which suspended the recently awarded contract in response.
The decision has real and immediate impact on the nation’s tax payers because it will prevent them from creating new accounts through the IRS’s “Secure Access” program, which provides taxpayer access to transcripts and other records. If you already have an account set up, you will not be impacted.
The decision to pull the contract was seen as a positive development by the congressional committee convened to hold hearings on the matter, which concluded that, given the company’s recent track record, there was no real way to argue that this somehow increased user security.
On the other hand, as was pointed out by IRS Commissioner John Koskinen, the move would prevent literally thousands of recent hurricane victims from accessing their tax information.
Both points are true, but it’s hard to see how it could be argued that pulling the contract was the wrong move, even if it temporarily inconveniences a small percentage of taxpayers.