Problems continue to mount for credit-reporting agency Equifax, who this week lost its bid to keep a major contract with the IRS. The cancellation of the multi-million dollar contract — to protect people from identity fraud, ironically — was protested by the Atlanta-based company, which is still smarting from September’s gigantic data breach.
The Government Accountability Office ruled Monday that the IRS was justified in canceling the contract. In a summary of the decision on the GAO’s website, the body said:
Equifax Information Services, LLC (Equifax), of Lanham, Maryland, the incumbent contractor, protests the establishment of a blanket purchase agreement (BPA) with Experian Information Solutions (Experian), of Costa Mesa, California issued by the Department of the Treasury, Internal Revenue Service (IRS), for taxpayer identity and verification services. Equifax challenges the agency’s evaluation of the awardee’s quotation.
We deny the protest.
The contract is now in the hands of rival credit agency Experian, which Equifax argued did not have the capacity to perform the job.
IRS cancels $7.2 million ‘taxpayer identity’ contract with Equifax
For its part, the IRS, not particularly fond of its name appearing with Equifax in a headline these days, is just trying to move on.
“We’re looking forward to the start of the new contract,” the IRS said in a statement to Politico. “We will move as quickly as we can, but it will take some time to begin service under the new contract.”
In a sign of how sensitive the matter of personal data has become, the IRS-Experian deal — worth up to $795,000 for one year — is significantly less than the original Equifax “taxpayer identity” contract, which was for $7.2 million over just nine months, the site reports.
The latest defeat for Equifax came the same day comedian and “Last Week Tonight” host John Oliver eviscerated the embattled credit agency, saying that it’s still ridiculously easy to create a fake site to draw millions of consumers looking for the agency online. To make his point, Oliver’s team set up EquifaxFraudPrevention.com with the tag line “How were we still able to do this?” and “Why haven’t we learned anything?”
With the new information we know about the Equifax data breach, here’s a timeline:
- August 2016: MSCI warns Equifax of vulnerability to data breach
- March 2017: Agency learns that hackers broke into their computer system
- July 29, 2017: Equifax’s Security team observes “suspicious network traffic” associated with its online web portal and blocks it
- August 1, 2017: Two Equifax executives — Chief Financial Officer John Gamble and Joseph Loughran, Equifax’s president for U.S. information solutions — sell stocks before the hack was dislcosed, according to multiple news reports. Rodolfo Ploder, president of workforce solutions, reportedly sells company stock a day later.
- August 2, 2017: Equifax hires Mandiant, a cybersecurity firm, to investigate the hack and find out what was exposed
- September 7, 2017: Company announces that “criminals” exposed as many as 143 million people to identity fraud
- September 26, 2017: The Board of Equifax announces that Richard Smith is out as Chairman/CEO effectively immediately
- October 2, 2017: Mandiant’s concluded investigation shows that an additional 2.5 million U.S. consumers were potentially impacted, bringing the total exposed in the hack to 145.5 million
- October 12, 2017: Equifax confirms it was hacked again, this time with a fake Flash installer application. The company is investigating the attack to learn more
- October 16, 2017: Equifax loses appeals hearing on cancellation of $7.2 million contract with IRS.
Money expert Clark Howard says in the wake of the massive data breach, the one true protection U.S. consumers have is to freeze their credit. “It’s imperative that you freeze your credit with all three main credit reporting agencies: Equifax, Experian and TransUnion,” he writes.
Equifax breach: 5 things to expect when freezing your credit