IRS Suspends Equifax Contract after Data Breach

The IRS has reportedly suspended the $7.2 million no-bid contract awarded to Equifax to verify the identity of taxpayers when they create accounts on the website.

According to Politico, the IRS has announced a short-term suspension of its contract with Equifax. The suspension means taxpayers will no longer be able to establish new accounts through ‘Secure Access’ a program which grants them access to online records and transcripts. Taxpayers who already have accounts will not be affected.

The suspension comes just over a month after Equifax disclosed a major data breach wherein hackers stole the personal information of over 145 million U.S. consumers. The breach resulted in Equifax leaking data including social security numbers, birth dates and other personally identifiable information of nearly half the U.S. population.

The IRS is reportedly planning to continue reviewing the security of Equifax’s framework and systems throughout the suspension. The suspension comes despite the IRS previously stating its ‘hands were tied’ with no choice but to keep its contract with Equifax.

Agency spokesman Matthew Leas stated:

The IRS emphasized that there is still no indication of any compromise of the limited IRS data shared under the contract. The contract suspension is being taken as a precautionary step as the IRS continues its review.

Equifax is under fire again after a security analyst discovered the website was serving up malware by redirecting users to a malicious page. However, Equifax insists that its systems were not compromised and blamed the issue ona third-party vendor.

“Equifax can confirm that its systems were not compromised and that the reported issue did not affect our consumer online dispute portal,” a spokesperson for the credit reporting agency said in a statement. “The issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content. Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the webpage offline to conduct further analysis.”