IRS Suspends Equifax Contract After Another Cybersecurity Breach

Following reports in the last week that the consumer credit company Equifax experienced another breach of its website, the IRS has announced the suspension of a $7.25 million contract with the company.

Screenshots and videos taken during visits to the Equifax site over the last week show attempts to redirect users to a site known to distribute malware via pop-up windows designed to look like notifications from Adobe Flash. Various independent and crowd-sourced investigations into the breach indicated it may have been caused by a vulnerability exploited through a third-party advertising vendor.

The latest incident comes on the heels of the widely-reported May hack of Equifax that exposed sensitive data (including social security numbers) of nearly 1 in 3 Americans, making it one of the largest data breaches of all-time.

The contract with Equifax had already been the source of frustration, with many (including lawmakers) complaining that the company had lost the public’s trust in the wake of the major cybersecurity breach. Previously, the IRS had argued it was essentially forced into the no-bid contract when Equifax protested the agency’s attempt to give the contract to a new vendor.

According to Jeffery Tribiano, the IRS’ deputy commissioner for operations support, the protest put the agency in the situation of choosing between renewing the contract or stopping the e-verify service for which Equifax is responsible.

“So when we came down to Sept. 29 when the Equifax contract expired, we had to either stop the service, which means millions of taxpayers would not be able to get their transcripts, including those that are in need of it, like in the hurricane disaster areas they use those tools to get their transcripts, or do a bridge contract with Equifax until GAO decides on the protest and we move forward,” Tribiano said.

According to FedScoop, “GAO has 100 days from a protest filing to render a decision on whether to accept or deny it, but within that span, agencies can opt for dispute resolution or other negotiations options to resolve the protest.”

 

 

Posted in Featured News

Tags: cybersecurity, IRS

Print

FEDmanager

FEDmanager.com

The free weekly e-report for Federal Executives, Managers & Supervisors

About FEDmanager

Click to learn more about us

Get in touch with us

Email FEDmanager publisher

Copyright 2018 FEDmanager.com
Hosted by Peak Media Company, LLC