Slashdot Mirror

← Back to Stories (view on slashdot.org)

IRS Awards $7 Million Fraud Prevention Contract To Equifax (politico.com)

Posted by ryuzaki0 on from the alternative-reality dept.

An anonymous reader quotes a report from Politico: The IRS will pay Equifax $7.25 million to verify taxpayer identities and help prevent fraud under a no-bid contract issued last week, even as lawmakers lash the embattled company about a massive security breach that exposed personal information of as many as 145.5 million Americans. A contract award for Equifax's data services was posted to the Federal Business Opportunities database Sept. 30 -- the final day of the fiscal year. The credit agency will "verify taxpayer identity" and "assist in ongoing identity verification and validations" at the IRS, according to the award. The notice describes the contract as a "sole source order," meaning Equifax is the only company deemed capable of providing the service. It says the order was issued to prevent a lapse in identity checks while officials resolve a dispute over a separate contract. Lawmakers on both sides of the aisle blasted the IRS decision.

57 of 115 comments (clear)

  1. The IRS just stepped in it.... by Zurkeyon3733 · · Score: 3, Insightful

    Time to Start up a Class Action Against the IRS for ENABLING data compromised companies to perform government contracts involving IDENTITY! Appalling!

    1. Re:The IRS just stepped in it.... by Mitreya · · Score: 1

      Time to Start up a Class Action Against the IRS for ENABLING

      Heheh. We'll be lucky if lawsuit against Equifax gets us a $5 credit off our next credit freeze fee.
      Class Action against IRS will get you many years of free tax audits, though.

    2. Re:The IRS just stepped in it.... by evilRhino · · Score: 1

      The reality of the situation is that the IRS has been chronically underfunded because it suits the owners of the US government to not have anyone competent reviewing their books too closely. The idea that a private company be outsourced such sensitive data is ludicrous, but the IRS will never have the funding to do it in-house properly.

    3. Re:The IRS just stepped in it.... by JohnFen · · Score: 1

      This makes no sense. The IRS only does what Congress tells them to do. If the government wanted the IRS to not look at certain books, they could easily change the law to make that happen. No underfunding required.

    4. Re:The IRS just stepped in it.... by magarity · · Score: 1

      but the IRS will never have the funding to do it in-house properly.

      Whoa there; in years past the IRS has wasted whopping piles of money on failed IT projects that they don't outsource. The problem is not lack of funding but lack of competence, especially in project management.

    5. Re:The IRS just stepped in it.... by HiThere · · Score: 1

      Are you claiming that Equifax is better? Or just that Equifax doesn't make their mistakes public?

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    6. Re:The IRS just stepped in it.... by magarity · · Score: 1

      I'm claiming that I was replying to someone who said the IRS never has the funding to do IT projects in house.

    7. Re:The IRS just stepped in it.... by k6mfw · · Score: 1

      Something to think about... an accountant friend said IRS like many other agencies are having their budgets cut which means less staff. There was an auditor she has worked with (unlike popular perception many IRS auditors don't shake you down like gang members), occasionally auditor examines the numbers to be sure nothing is extreme. But with congress and the President constantly shaking down many govt agencies, some of the employees get fed up and quit, some retire, there are also early retirement "buy outs" so end result is less staff because they are usually not replaced. A smart young person will see this and think maybe look for some other place to work instead of being abused. IRS will not go away like the EPA but will have less competent people working for them. And result is sloppy operations.

      --
      mfwright@batnet.com
  2. Re:Swamp by The-Ixian · · Score: 4, Funny

    Someone should really drain that thing and build a castle...

    --
    My eyes reflect the stars and a smile lights up my face.
  3. Re:Swamp by TWX · · Score: 1

    Hell, if anything, the levee isn't draining the swamp, it's actually preventing the natural outflow and turning it into a lake!

    --
    Do not look into laser with remaining eye.
  4. capable by pD-brane · · Score: 5, Insightful

    Equifax is the only company deemed capable ...

    Since Equifax has shown to be very incapable (of exactly the things they should be capable of), what does this say about all other companies in this business?

    1. Re:capable by DarkOx · · Score: 1

      Equifax is the only company deemed capable ...

      In other news IRS procurement and partner evaluation procedures revealed to be incapable.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    2. Re:capable by EndlessNameless · · Score: 2

      Usually, being "deemed capable" implies being able to deliver a specific product or service in the exact manner that the requesting agency wants it.

      TransUnion and Experian may be better on any number of metrics, but if they cannot check off all the requirements then they are eliminated from consideration.

      That said, now would be a great time for those competitors to force the IRS to review its requirements. Half of the time, those important "sole source" contracts have a few bullshit requirements just to guarantee that some fly-by-night company can't come in and win.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  5. Re:Don't blame the IRS by Big+Hairy+Ian · · Score: 3, Interesting

    Also it looks like they didn't have any choice as Equifax laughably appears to be the only company on their approved supplier list for this service

    --

    Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

  6. Re:Don't blame the IRS by TWX · · Score: 5, Informative

    I may agree in other circumstances, but awarding a contract for fraud prevention to what's probably the largest victim of a form of fraud in human history- an entity that is now trying to deflect blame by citing conditions that they themselves created in the first place, is about as stupid as it gets.

    Equifax deserves to have its charter revoked, basically the corporate death penalty, with its assets liquidated and all of the proceeds going to a mitigation fund to attempt to combat the expected identity theft that the public will see in the upcoming years. Its officers should be prosecuted and if the ensuing investigation shows they were willfully negligent, the personal gains they made through those negligent actions should be confiscated through a civil forfeiture process as they're sentenced to jailtime. This is not the company that one awards a no-bid contract to.

    --
    Do not look into laser with remaining eye.
  7. Sole Source by BKuhl · · Score: 5, Funny

    Why is it a "sole source orderâoe? We have verified at least a few other parties have access to all the same data now....

  8. No worries... by seven+of+five · · Score: 2

    Their CEO and Chief Security Officer resigned, so the problem's fixed...

  9. It makes perfect sense by Chrisq · · Score: 2

    They will need a good fraud prevention program following the data breach by Equifax ... Oh wait!

    1. Re:It makes perfect sense by bluefoxlucid · · Score: 1

      Yeah well, nobody up there is doing it right.

      --
      Support my political activism on Patreon.
  10. Re:Don't blame the IRS by alvinrod · · Score: 1

    Well with the data leek, I think there are plenty of other people who could now provide the same services. Its just a matter of getting them approved I suppose.

  11. More regulations by Anonymous Coward · · Score: 3, Insightful

    It won't happen. Listen my fellow peasant, we have to just bend over and take it.

    And when we get the letter stating that our taxes have already been filed (probably by some illegal alien using our SSN to get his refund and CTC, EITC, ACTC), WE will be the ones that will have to spend the time filling out forms to prove that we are who we are.

    Then, every tax year, WE will have to provide the documentation stating that we are who we say we are.

    All because businesses are careless with the data they insist on collecting about us. It's no skin off of their asses.

    My wife's neurologist system was broken into and we got the letter stating that the break-in happened and "how they take patient privacy seriously".

    Dumb shits.

    Suck it up! There's nothing else to do!
    We NEED European style privacy laws and regulations because businesses cannot be trusted to take responsibility.

    1. Re:More regulations by Archangel+Michael · · Score: 3, Insightful

      A number is not proof of identity. It is a reference number to help establish that you are who you say you are. Having identifying information, like a Social Security Number is not proof of identity, it simply is a tool in what should be a chain of tools to help one verify (key word) identity.

      People who accept it as "proof" of identity are misusing it, and should be held accountable for that misuse. Any Line of Credit established without enough other evidence is itself evidence of lack of due diligence.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    2. Re:More regulations by HiThere · · Score: 3, Insightful

      The problem is, when someone, say Equifax, collects the "other evidence useful for proof of identity", then they can impersonate you to anyone who don't personally know you. And if they share that information with some other entity, willingly or not, THAT entity can no impersonate you to anyone who doesn't know you.

      We aren't just talking about one piece of information here.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    3. Re:More regulations by Lost+Race · · Score: 1

      It is a reference number to help establish that you are who you say you are.

      Not quite. It is a reference number to help establish who you say you are. You need something else, like a secret or some unique biometric, to help establish who you are.

    4. Re:More regulations by Zurkeyon3733 · · Score: 1

      We don't need anything from EUROPEAN law. Period. You might WANT that. But we don't NEED it. Simply extend the protections of the Constitution to include protecting us from US Corporations (eg. Extend freedom of speech to EVERY speech focused platform), and bar the IRS from searches of persons or private info without a warrant. Including Financials... as it should be that way already. (With a requirement for a GOOD case of Probable...) They currently perform a warrant-less, suspicion-less search of your personal information EVERY time they audit someone. Basically, make the Supreme Court recognize that this is, and always has been, Illegal. Problem Solved.

  12. Re-open the bidding by mwvdlee · · Score: 4, Funny

    [quote]The notice describes the contract as a "sole source order," meaning Equifax is the only company deemed capable of providing the service[/quote]
    While that may have been true at the time of posting the order, pretty much every company has access to the same data as Equifax now.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    1. Re:Re-open the bidding by gtall · · Score: 1

      "every company has access to the same data as Equifax now" How do you figure? Do we know who exploited Equifax's alleged security? If it is the Chinese government, it would akin to an act of war to sell that information if the U.S. ever cottoned on to it.

    2. Re:Re-open the bidding by EndlessNameless · · Score: 1

      If Equifax is proving identity verification services, it's not just about the data.

      There is some complicated process by which the government requests identity verification. There are two things that make this process complicated:

      1. It complies with absolutely every federal privacy rule---because no bureaucrat is going to risk his job on something that does not comply with the law. The rules may or may not actually protect us, but they will be followed regardless.

      2. It interfaces with some arcane government IT system. So there is a painful accreditation process before it is allowed to communicate, and it is probably an enormous pain to support once it is working. It is entirely possible that their competitors saw the list of requirements and said, "Fuck it."

      If TransUnion or Experian cannot claim compliance with every regulation and support whatever bizarre IT nightmare the IRS has, then it doesn't matter what data they have.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
    3. Re:Re-open the bidding by HiThere · · Score: 1

      An earlier story claimed that the original hacking group passed it on to a different set of hackers when they figured out how valuable it was. I interpreted that as meaning they'd already sold the access, the story figured that was proof it was a nation-state.

      So you can take your pick. Either it's already on the market, or it's in the hands of an unknown nation state...from which it will likely leak (eventually), because it won't hurt their employers, and somebody always needs more money.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  13. European style privacy laws by Anonymous Coward · · Score: 1

    My company is currently spending a lot of money and time to comply with Europe's new General Data Protection Rules whereby any person can request that their information be completely removed for a company's systems. The reason the company is taking it seriously is because the fines for non-compliance are set as a percentage of the company's revenue so they could be massive. Plus no other European company will do business with us unless we're compliant.

    Here in the USA though the moment most people hear "European style" they'll dismiss it as socialist and proudly remind you of how we value our freedoms here like the freedom to have a company compile vast amounts of sensitive data about you or the freedom to go bankrupt from medical bills or the freedom to never be able to afford to retire or the freedom to not be able to afford to go to college or the freedom to have your kids murdered in their classroom.

    1. Re:European style privacy laws by syn3rg · · Score: 1

      don't forget the freedom to have guns no subject needs.

      FTFY

      --
      The contents of this message have been doubly encrypted by ROT13
    2. Re:European style privacy laws by Zurkeyon3733 · · Score: 1

      Until someone tries to rape or stab you to death and there isn't a cop 2 blocks away... THEN you might think differently... a LOT differently. Gun Grabbers FAIL to think it through. CRIMINALS WILL NEVER DISARM. By you doing so or forcing others to, you simply WEAKEN your chances of survival in an attack. Of ANY kind. When someone bombs a building, you blame the bomber, when someone hijacks a plane, you blame the hijacker, when someone shoots up a concert, you blame the GUN? FFS! Pull your sheeple heads out of your asses! Out of an estimated 220 MILLION guns in America, less than 1000 have EVER been involved in a mass shooting. LET THAT MATH SINK IN!

  14. Re:Don't blame the IRS by cayenne8 · · Score: 1

    Also it looks like they didn't have any choice as Equifax laughably appears to be the only company on their approved supplier list for this service

    Aren't there like 3 of these major credit agencies?

    Transunion...and another one.

    I was about to say that the Feds have used Acxiom to clean up data before...but I think they may own Transunion, so, that might be redundant.

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........
  15. So you fuck up and you get PAID ?! by UnknownSoldier · · Score: 2

    WTF.

    1. Re:So you fuck up and you get PAID ?! by PPH · · Score: 2

      Rule 1 of corporate administration: Heads always roll uphill.

      --
      Have gnu, will travel.
  16. Comment removed by account_deleted · · Score: 2

    Comment removed based on user account deletion

  17. This IRS calling to check your identity we need yo by Joe_Dragon · · Score: 4, Funny

    This IRS calling to check your identity we need your
    Name
    Address
    SS number or tax ID number

  18. Re:Wait, WHAT? by K.+S.+Kyosuke · · Score: 2

    Remember, no bad deed goes unrewarded.

    --
    Ezekiel 23:20
  19. Well, of course! by drinkypoo · · Score: 1

    Equifax just proved that they have the necessary data...

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  20. Re:To be fair... by tomhath · · Score: 1

    The decision was no doubt made weeks ago. The announcement had to be made by Sept. 30 so it was in the right fiscal year budget - use it or lose it.

  21. Re:Don't blame the IRS by Kierthos · · Score: 1

    Experian is the the third big one.

    But depending on any number of things, TransUnion and Experian might not meet some qualification to run this program. But through the magic of government bureaucracy and loopholes, Equifax does.

    Go figure.

    --
    Mr. Hu is not a ninja.
  22. Re:award to equifax just a small contract by JohnFen · · Score: 1

    Personally, I don't care about the amount of the contract. If it were for $100, that would make it no less objectionable.

    The serious problem here is hiring a company who is demonstrably incapable of detecting or preventing fraud in a role of fraud prevention.

  23. Re:Don't blame the IRS by Anonymous Coward · · Score: 2, Informative

    Equifax is not actually preventing fraud. I worked a similar project where another government agency was also trying to prevent fraud and abuse, and we used Equifax as a data source specifically to confirm identities. You provide them certain information (first name, last name, date of birth, address, etc. etc.) and they would confirm whether you had the correct person, often filling in the blanks. The agency would then use that information, along with other inputs, to determine whether fraud was being committed.

    The IRS is doing the same thing - given the information available, Equifax will confirm whether the IRS is looking at the correct person. While I agree that Equifax needs to get their house in order or even be completely shut down, the contract awarded does speak to the fact that there are precious few identity providers out there. In fact, this may just go to show how much congress would NOT wish to sign the Equifax death certificate when they have much to lose in the way of services provided by Equifax.

  24. Government Level Stupidity by zeugma-amp · · Score: 2

    There is a reason we call it "Government Level Stupidity".

    --
    This is an ex-parrot!
  25. Re:Don't blame the IRS by JohnFen · · Score: 1

    otherwise NOTHING will happen.

    Doing nothing would be far preferable to putting a criminally incompetent company in this role.

  26. In other news... by bryanp · · Score: 2

    The Dept. of Human Services has awarded a contract to a company formed by OJ Simpson, Robert Blake, and Scott Peterson to do research into domestic violence prevention and awareness.

    --
    "An unarmed man can only flee from evil, and evil is not overcome by fleeing from it." Col. Jeff Cooper
  27. gee by bugs2squash · · Score: 1

    you have to wonder what could have happened to make such fraud prevention measures necessary.

    --
    Nullius in verba
  28. Re:Pontius Pilate by JohnFen · · Score: 1

    That's a good point. On the other hand, Congress has historically been very good with telling the IRS to do things that are very unpopular while at the same time blaming and directing the outrage about it at the IRS.

  29. Re:This IRS calling to check your identity we need by Voyager529 · · Score: 1

    This IRS calling to check your identity we need your
    Name
    Address
    SS number or tax ID number

    Hello, IRS agent! It's on the internet now, so by all means, feel free to download it.

  30. Is this another example of "draining the swamp"? by Lost+Penguin · · Score: 1

    I think "swamp" is the alt-rights" code phrase for Treasury....

    We have heard that the government doesn't work, so elect "so and so"; if they get elected, they then break the (previously working) government exactly as they described, and say it never worked.

    --
    I am the unwilling control for my Origin.
  31. What!? by DaMattster · · Score: 1

    Equifax just showed the world their absolute ineptitude and now the IRS wants to give them a contract with sensitive information!? Oh boy! Now I have seen absolutely everything. Lightning may strike me dead because I really and truly can see nothing more.

  32. Let's hear from lovers of taxes by mi · · Score: 1

    Let's hear from the crowd, who like to pay taxes — because that's how they buy civilization .

    They seem kind of quiet today for some reason...

    --
    In Soviet Washington the swamp drains you.
  33. What's the word? Hmm. by bill.pev · · Score: 1

    So, if I understand correctly, an organization who whose sensitive personal data (on almost every US taxpayer) has been compromised, is now being paid to be the sole source of verification for that very same information. What could go wrong?

    I realize I am at odds with 50% of the American Electorate, but perhaps we need to get specific on who exactly is in this swamp that needs draining. Ajit Pai is cool? Equifax is legit? And people support these positions? WTF.

    I don't know the exact word for state of Anarchy in which The Authority is itself is the source of the chaos and disorder. But, this seems to be current policy doctrine, supported by a large part of the electorate, for God Knows what reason. (Literally.)

  34. Re:Don't blame the IRS by JeffOwl · · Score: 1

    But the point is that now the Bad Guys(TM) have all the information Equifax has and therefore using data from Equifax to prevent ID fraud seems kinda dumb.

  35. More misleading than fake by tomhath · · Score: 1

    The IRS tried to replace Equifax back in July when it awarded the contract that was competed to another company.

    Equifax was the incumbent and protested the award.

    In order to keep the service available to taxpayers, the IRS awarded Equifax a "bridge contract" until the protest is resolved.

    So the IRS did everything right, the normal red tape prevented it from reacting to the security breach when it happened.

  36. WTF by dcw3 · · Score: 1

    The damned credit agencies can't even get my address right. I've ran 3 agency checks several times over the last few years, and found multiple errors, and yet the government wants to rely on these jackasses? They should be sued into oblivion for not getting their shit straight. I'm currently fighting with one of them over a phony bill from MCI...yes, MCI. I had used them at an old address that I moved away from back in '02, and yet MCI posted that I owe them about $50 as of 2013...eleven years after I no longer had an account with them. I could easily pay off MCI, but am fighting it on principle.

    --
    Just another day in Paradise
  37. DID I WAKE UP IN A PARALLEL UNIVERSE? by Christinagirl1 · · Score: 1

    Did I wake up in a parallel universe? Think of every possible expletive than dream of shoving them up the tail of this huge asses.