Press Releases

DelBene Demands IRS Explain New Contract with Equifax

f t # e
Washington, October 3, 2017 | comments

WASHINGTON, D.C. – Congresswoman Suzan DelBene (WA-01) today wrote to IRS Commissioner John Koskinen demanding answers as to why the agency would contract with Equifax, the company responsible for the massive security breach of nearly half of Americans’ information.

“I write with deep concern over the recently reported decision by the Internal Revenue Service (IRS) to award a no-bid contract to Equifax,” DelBene’s letter stated. “I must question the IRS’ decision to move forward with this contract in light of the ongoing investigations into these incidents, and the general fitness of this company as a federal government contractor to perform functions that are not unrelated to the massive failures outlined above. I request a prompt response on the reasoning behind this decision, as well as a comprehensive explanation of alternatives to this seemingly reckless use of taxpayer dollars.”

Equifax’s security breach compromised the Social Security numbers, addresses and drivers license numbers of 145 million people – one of the largest exposures in history. Despite concerns over its security systems, a recent news report suggest the IRS will pay Equifax a $7.25 million contract to verify tax payer identities and personal information.

DelBene serves on the House Ways and Means Subcommittee on Oversight, which has jurisdiction over the IRS.

Text of DelBene’s letter follows:

Dear Commissioner Koskinen,

I write with deep concern over the recently reported decision by the Internal Revenue Service (IRS) to award a no-bid contract to Equifax for the purpose of procuring “third party data services . . . to verify taxpayer identity and to assist in ongoing identity verification and validations needs of the Service.” This contract, worth $7,251,968.00, was awarded on September 29, 2017. This award was made after it was widely known that Equifax is responsible for arguably one of the worst data breaches to occur in the United States.

As you know, some 145 million Americans may have had their most sensitive personal information breached after Equifax failed to execute a critical software patch to fix a known vulnerability that left their customers compromised. The individuals who are impacted are now scrambling to protect themselves after learning that their names, social security numbers, addresses, birth dates, driver’s license and credit card numbers may have been stolen.

Making matters worse, the company’s response to this massive intrusion into the financial and personal records of millions of Americans was delayed, disorganized, and wholly inadequate given the scale of the attack and the clear role that Equifax played in allowing this to happen. Consumers were left without clear information, without accessible channels of communication with company representatives, and instead confronted misinformation along with platforms that demonstrated an ongoing lack of attention to basic cyber hygiene, let alone security measures adequate enough to protect the vast troves of sensitive information that Equifax has been entrusted with.

I must question the IRS’ decision to move forward with this contract in light of the ongoing investigations into these incidents, and the general fitness of this company as a federal government contractor to perform functions that are not unrelated to the massive failures outlined above.

I request a prompt response on the reasoning behind this decision, as well as a comprehensive explanation of alternatives to this seemingly reckless use of taxpayer dollars.

###

f t # e