IRS Suspends Equifax Contract for Fraud Prevention
October 12, 2017 - File this under, "What were they thinking?" Last month, after Equifax announced that it had been hacked and exposed the personally identifiable information on 150 million Americans, the IRS decided to reward the company by giving them a $7 million contract to prevent fraud on the IRS's website. Let that sink in for a minute. Yesterday, Equifax was forced to announce that its own website had been compromised and infected with malware. So now the IRS has decided to suspend its contract with the company pending an investigation, but one has to wonder why on earth they were awarded the contract in the first place.
Just in case you are getting tired of reading about the Equifax breach, we'd like to make it clear that we're also tired of having to write about it. Unfortunately, it is the gift that just keeps on giving. For the past week or so it seems there have been almost daily announcements having the do with Equifax… and now the IRS… and none of them have been good.
Under the terms of the company's agreement with the IRS, Equifax is supposed verify the identities of people seeking online access to tax documents stored at the IRS. Presumably, the company is supposed to use the very same data it failed to protect in the first place to make those verifications. Given the fact that much of the data being used to verify identities is now widely available on the internet, it isn't clear to us how the company could provide the IRS or anyone else with a service to verify identities… but what do we know?
The latest "compromise" of Equifax's website is just icing on the cake. A third-party security company determined that a page on Equifax's site had been included a fake installer for Adobe Flash. Anyone who agreed to the install had their computer infected with Malware.
According to a report in Engadget, Equifax is stating that their site wasn't hacked. They are blaming another vendor who had access to their site for placing the code on their pages. Regardless of how the code got onto their page, this entire story reeks of incompetence. Incompetence on the part of Equifax and on the part of the IRS. Frankly, you can't make this stuff up!
The only thing that may provide a light at the end of the tunnel for consumers is that there are now bipartisan calls to give consumers the ability to freeze their credit files - and lift freezes on their credit files - free of charge and at the drop of a hat. In the video below, Richard Cordray (Director of the Consumer Financial Protection Bureau) talks about the changes he thinks may be coming for credit reporting agencies.
Identity Theft 
