Associated Press Richard F. Smith, former CEO of Equifax, testifies Tuesday before the House's Digital Commerce and Consumer Protection Subcommittee on Capitol Hill in Washington, D.C.
Thursday, October 05, 2017 1:00 am
IRS contract with Equifax questioned
Former CEO fields lawmaker inquiries following data breach
KEVIN FREKING | Associated Press
WASHINGTON – Members of Congress expressed bewilderment Wednesday that credit reporting company Equifax, under siege after a data breach affecting more than 145 million people, has received a $7.25 million contract with the IRS to provide taxpayer and personal identity verification services.
“Why in the world should you get a no-bid contract right now?” Sen. Ben Sasse, R-Neb., asked former Equifax CEO Richard Smith during a Senate Banking, Housing and Urban Affairs Committee hearing.
Sasse's indignation was soon topped by Sen. John Kennedy, R-La., who said, “You realize, to many Americans right now, that looks like we're giving Lindsay Lohan the keys to the mini-bar.”
“I understand your point,” Smith said in response to Kennedy's observation, a reference to the actress who has struggled with drugs and alcohol.
Smith testified at the second of four congressional hearings this week in which lawmakers demanded to know how the breach happened and what the company was doing to make things right for consumers. Hackers stole Social Security numbers, birthdates and addresses, and in some instances driver's license numbers.
Smith said he didn't know many details about the contract, but he explained that it was for work Equifax has done in the past for the IRS, and he thought the contract was being renewed. He also said he believed the contract was “to prevent fraudulent access to the IRS.”
The contract says Equifax was the only company capable of providing the services, and it was deemed a “critical” service that couldn't lapse.
Sen. Heidi Heitkamp, D-N.D., said Equifax forced the IRS to take the contract for another year after issuing a protest. She called on Smith to tell the IRS that it's fine to take the contract somewhere else.
The IRS issued a statement that said Equifax advised the agency that no IRS data was involved in the breach. The statement confirmed that the renewal was awarded to Equifax to prevent a lapse in service.