Senate Finance Committee Chairman Orrin Hatch (R-Utah) and Ranking Member Ron Wyden (D-Ore.) questioned a recent $7.25 million Internal Revenue Service (IRS) contract awarded to Equifax, which is currently under scrutiny for a massive data breach that exposed the private information of more than 145 million Americans.
The senators, who are actively investigating how the data breach could impact Americans and federal agencies, asked IRS Commissioner Koskinen to further explain the agency’s actions in a letter today.
The full letter may be found here and below:
Dear Commissioner Koskinen:
Last month the Committee wrote to Equifax regarding the data breach that is now estimated to have exposed the personally identifiable information of at least 145 million Americans. Committee staff has been briefed by IRS and by Treasury Inspector General for Tax Administration staff on their preliminary assessments of the potential consequences this breach presents to the IRS. A full understanding of the breach, including an ongoing investigation by the Federal Bureau of Investigation, has yet to be concluded, but it is clear that Equifax failed to maintain adequate system maintenance, surveillance, and security.
We were taken aback when it came to our attention that last week the IRS awarded Equifax a sole source contract worth over seven million dollars for “verify[ing] taxpayer identity and ... assist[ing] in ongoing identity verification and validations needs of the Service.” To help us better understand IRS’s new and existing contracts with Equifax, we ask that you provide the following information.
- A copy of the contract and describe in detail the services Equifax will perform under this contract
- Why was this awarded as a sole source contract especially in light of the recent breach?
- What steps is the IRS taking to ensure that Equifax is protecting taxpayer information?
- Provide a copy of every active contract between IRS and Equifax.
We ask that you provide this information to the Committee no later than October 11, 2017.
Thank you in advance for your prompt response to this request. As always, we also ask that you answer the questions on a question by question basis, indicating which questions that you are answering.