The suspension comes after additional security incidents at Equifax.
After attempting to explain why it awarded a $7 million sole-source contract to Equifax after the company experienced one of the largest data breaches in history, the IRS has opted to temporarily suspend the deal.
The decision came late Thursday after hackers altered one of Equifax’s credit report websites, directing it to deliver malware to users visiting the website. Equifax took the website offline but blamed the issue on a third-party vendor and said its internal systems were not compromised.
Nonetheless, citing “new information available” Thursday, the IRS announced it was suspending its contract with Equifax, which will prevent taxpayers from creating new accounts in the IRS’ Secure Access program. The agency said existing account holders will be unaffected, but new users will have to order transcripts through the mail.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
“The IRS temporarily suspended its short-term contract with Equifax for identity proofing services. During this suspension, the IRS will continue its review of Equifax systems and security. The IRS emphasized that there is still no indication of any compromise of the limited IRS data shared under the contract. The contract suspension is being taken as a precautionary step as the IRS continues its review,” the IRS said in a statement.
The IRS’ initial decision to award the sole-source contract to Equifax angered lawmakers of both parties last week, including Rep. John Ratcliffe, R-Texas, who chairs the House Homeland Security Subcommittee on Cybersecurity. Ratcliffe said the Homeland Security Department ought to use the same authorities to squash the IRS contract that it used in banning Kaspersky products.
The IRS previously defended its decision, saying it was caught between a contract expiring on Sept. 29 and waiting for a Government Accountability Office ruling about a bid protest made by Equifax after losing the recompeted contract.
GAO quickly took issue with the IRS’ assessment and, in a lengthy statement, explained other options the IRS could have exercised under contracting law to avoid issuing Equifax a bridge contract.