By now, everyone has probably heard about the security breach at Equifax that likely exposed the personal information of more than 145 million Americans. Who stole the information and what they plan to do with it remains unknown.
Last week, the IRS faced questions as Politico reported it had recently finalized a contract agreeing to pay Equifax $7.25 million to help it detect fraud. The contact was a “sole source order” meaning it was not open for bids from multiple providers. It issued on the last day of the fiscal year – September 30.
An ongoing relationship
Equifax told the Service that none of its data was part of the breach. Equifax had been providing similar services prior to the recent contract.
The IRS completed an internal review and on-site visit with Equifax and concluded that there was no risk to IRS data or systems, according to a statement.
Unfortunately, the company did not report the breach immediately and several executives are under criminal investigation for dumping shares of stock prior to the announcement. These factors do not bolster trust.
Monitoring for tax fraud related to the breach
The IRS had not yet identified any tax fraud, but most tax fraud occurs during filing season. The service said that it would continue to closely monitor the situation.
How do you know if your Social Security number was part of the breach? It’s hard to know and the company has not provided clear guidance.
The IRS guidance for avoiding identity theft includes using security software, firewalls, creating strong passwords and watching out for phishing schemes. After you become aware of identity theft, file a complaint with the FTC. If an efiled return rejects with an error of a duplicate filing on your SSN, contact the IRS and complete Form 14039.
An Onion headline
One of the Representatives who wrote to John Koskinen expressing concerns, initially thought his staffers had brought him a story from the Onion, a satirical newspaper. And last month, Senator Orrin Hatch questioned whether the IRS had the technology needed to safeguard the tax administration system.
The good news: the Service has received $106.4 million from Congress earmarked to upgrade technology and prevent identity theft. It might be time to revisit whether Equifax is the right partner in fraud detection however.