WASHINGTON (CBSLA/AP) — The company at the center of the biggest breach of personal information just signed a contract with the federal government to provide, well, personal information.
The Internal Revenue Service signed a $7.25 million contract with Equifax on Sept. 29.
The company is dealing a breach of its systems by hackers who accessed or stole the information of 145 million Americans.
The no-bid contract, first reported by Politico, is for Equifax to provide the IRS with taxpayer and personal identity verification services. The contract stated that Equifax was the only company capable of providing these services to the IRS, and it was deemed a “critical service that cannot lapse.”
“This action was to establish an order for third party data services from Equifax to verify taxpayer identity and to assist in ongoing identity verification and validations needs of the Service,” according to the Federal Business Opportunities website.
Sen. Orrin Hatch (R-Utah), chairman of the Senate Committee on Finance, was critical of the IRS decision. He told Politico in a statement that “it’s irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed.”
The IRS told Politico that “following an internal review and an on-site visit with Equifax, the IRS believes the service Equifax provided does not pose a risk to IRS data or systems.”
On Tuesday, House Republicans and Democrats grilled Equifax’s former chief executive over the massive data hack, calling the company’s response inadequate. Former Equifax CEO Richard Smith apologized for the compromise of such information as names, addresses, birth dates and Social Security numbers. Smith was the lone witness at the first of several Capitol Hill hearings this week. No current Equifax official testified.
“The criminal hack happened on my watch, and as CEO, I am ultimately responsible, and I take full responsibility,” Smith said. “I am here today to say to each and every person affected by this breach, I am truly and deeply sorry for what happened.”
Democrats favor legislation that they say would establish strong data security standards and prompt notification and relief for consumers when their information is hacked. But Republicans tamped down expectations for any congressional action as this year the GOP-led Congress has rolled back several Obama-era rules affecting businesses and the financial sector.
This comes as a cybersecurity adviser to President Donald Trump is pushing to phase out the use of Social Security numbers as a form of identification.
White House Cybersecurity Coordinator Rob Joyce said Wednesday that using a person’s Social Security number as an identifier or access control is “just a horrific idea.”
Joyce says a federal team is looking at “what the technologies are that could change or replace these identifiers,” such as using public key encryption.
He says there’s no specific timeline to make changes.
Joyce was among several federal officials speaking in Boston at the Cambridge Cyber Summit, hosted by CNBC and The Aspen Institute.
(© Copyright 2017 CBS Broadcasting Inc. All Rights Reserved. The Associated Press contributed to this report.)