Under-fire credit agency Equifax has been awarded a $7.3m government contract to help protect taxpayers from identity fraud, despite having itself breached the details of over 145 million Americans, it has emerged.
Details of the $7,251,968 contract were posted to the Federal Business Opportunities site last week.
It brands the job as a “critical service that cannot lapse”, adding the following:
“This action was to establish an order for third party data services from Equifax to verify taxpayer identity and to assist in ongoing identity verification and validations needs of the [Internal Revenue] Service.”
It is described as a “sole source order”, meaning that Equifax was the only firm to be offered the contract.
The news has astounded politicians on both sides of the political spectrum.
"In the wake of one of the most massive data breaches in a decade, it’s irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed," Senate finance committee chairman Orrin Hatch (R-Utah) told Politico in a statement.
Democrat representatives Earl Blumenauer and Suzan DelBene have written to IRS commissioner John Koskinen demanding an explanation.
“I was initially under the impression that my staff was sharing a copy of the Onion, until I realized this story was, in fact, true," Blumenauer reportedly wrote.
Former Equifax CEO Richard Smith was put in front of congressional committee hearing this week and apologized for mistakes which led to the massive breach.
He also used the spotlight to call for an end to Social Security numbers, claiming the country needed “to think beyond” the identifiers.
“What is a better way to identify consumers in our country in a very secure way? I think that way is something different than an SSN, a date of birth and a name,” he said, according to Bloomberg.
In fact, the White House agrees, and cybersecurity coordinator, Rob Joyce, claimed officials are already looking at alternatives, including a “modern cryptographic identifier.”