IRS suspends Equifax contract following malware page

The agency suspended a $7.25 million contract with Equifax following news that one of its webpages exposed users to potential malware attacks.
(Getty Images)

The IRS suspended a $7.25 million contract with Equifax following news that one of the credit reporting service’s web pages exposed users to potential malware attacks.

The agency had already been taking heat from lawmakers over awarding the contract—which called on the company to provide taxpayer identity verification services—following the disclosure that a hack had exposed the information if 145.5 million people.

Reports emerged on Oct. 12 that an Equifax webpage contained fake Adobe Flash update links that would deliver malware to any user who clicked on them. Equifax later took the webpage down.

Late on Oct. 12, the IRS said that it was temporarily suspending the contract, a move applauded by lawmakers.


“After sending a bipartisan letter to Commissioner Koskinen expressing our concerns, we are pleased to see the IRS suspend its contract with Equifax and look forward to the agency’s response to our inquiries,” House Energy and Commerce Committee Chairman Rep. Greg Walden, R-Ore., and Subcommittee on Digital Commerce and Consumer Protection Chairman Rep. Bob Latta, R-Ohio, said in a joint statement.

IRS officials argued prior their hand was forced on the awarding of the sole-source contract because Equifax, the incumbent contractor on a previous deal, had protested the July decision to give it to another vendor.

The protest was being evaluated by the Government Accountability Office, but IRS officials told Congress that they were concerned that the contract could expire before a resolution could be made, jeopardizing the functionality of the e-verify service for users.

Jeffery Tribiano, IRS deputy commissioner for operations support, told the House Ways and Means Committee that as a result of Equifax’s protest, the agency’s only option was to effectively renew the no-bid contract with the Atlanta-based company.

“So when we came down to Sept. 29 when the Equifax contract expired, we had to either stop the service, which means millions of taxpayers would not be able to get their transcripts, including those that are in need of it, like in the hurricane disaster areas they use those tools to get their transcripts, or do a bridge contract with Equifax until GAO decides on the protest and we move forward,” he said.


But the GAO told Politico on Oct. 5 that the IRS did not have to award the contract to Equifax, explaining that federal agencies possess “the tools to move forward under appropriate situations.”

GAO has 100 days from a protest filing to render a decision on whether to accept or deny it, but within that span, agencies can opt for dispute resolution or other negotiations options to resolve the protest.

As a result of the contract suspension, new users will not be able to access e-services like Get Transcript. Existing users can still utilize the services.

Carten Cordell

Written by Carten Cordell

Carten Cordell is a Senior Technology Reporter for FedScoop. He is a former workforce and acquisition reporter at Federal Times, having previously served as online editor for Northern Virginia Magazine and Investigative Reporter for, Virginia Bureau. Carten was a 2014 National Press Foundation Paul Miller Fellow and has a Master’s degree from the Medill School of Journalism at Northwestern University. He is also a graduate of Auburn University and promises to temper his passions for college football while in the office.

Latest Podcasts