WASHINGTON, DC – In an effort to protect the financial well-being of consumers and taxpayers, U.S. Senators Jack Reed (D-RI), Tim Scott (R-SC), Jon Tester (D-MT), and several of their colleagues are urging the Internal Revenue Service (IRS) to rescind its recently issued $7.2 million Equifax contract after the company was breached jeopardizing the personal financial data of more than 145 million Americans.

Following the massive data breach that put names, Social Security numbers, addresses, driver’s licenses, and birthdates at risk, the IRS last week issued a multi-million dollar contract to Equifax to verify taxpayers’ identities.  Under the terms of the contract, Equifax will “verify taxpayer identity and assist in ongoing identity verification and validation needs of the IRS.”

“This is a matter of public trust.  The IRS has a solemn obligation to protect Americans’ financial data, and Equifax clearly failed to protect the personal information of millions of consumers.  Equifax should not be rewarded with a multi-million contract to verify anything on behalf of the IRS,” said Senator Reed, a senior member of the Banking Committee.

In a letter to the IRS, Reed, Scott, Tester, and four of their colleagues wrote: “Given the recent cyber-attack at Equifax, it’s unfathomable how the IRS could knowingly issue a multi-million-dollar contract to a company that carelessly handled the personal information of more than 145 million Americans, putting their identities and personal financial wellbeing at risk.  Nearly one half of the entire population of our nation was impacted by the Equifax breach and we have no assurances that our constituents’ personal information is safe in their hands.”

The Senators also noted that while there are ongoing investigations into the breach, that impacted 495,177 Rhode Islanders, 2.4 million South Carolinians, and 367,000 Montanans, Equifax should not be receiving any taxpayer money.

“These actions prove that the IRS should immediately rescind this contract and look for ways to address its needs without putting taxpayers’ information at risk. The IRS’s contract award to Equifax is a clear disregard for the millions of Americans who had their personal information carelessly stolen by Equifax, and we hope you reconsider this matter,” the Senators concluded in their letter.

In addition to Reed, Scott, and Tester, the letter was also signed by U.S. Senators Sherrod Brown (D-OH), Heidi Heitkamp (D-ND), Robert Menendez (D-NJ), and Chris Van Hollen (D-MD).

The full text of the letter follows:

Dear Commissioner Koskinen:

As members of the Senate Banking Committee, we write today with great concern about a contract the Internal Revenue Service (IRS) awarded to Equifax Information Services LLC on September 29, 2017.  This contract, award number—TIRNO17K00497—was issued by the IRS to Equifax “to verify taxpayer identity and to assist in ongoing identity verification and validations needs of the Service.” It’s our understanding that this contract was issued as a sole source order and that the IRS will pay Equifax $7,251,968 in taxpayer funds to provide these verification services. While we understand the IRS’s need to verify taxpayer identities to help support the IRS’s core mission and help it ensure that tax returns and refunds are properly administered, we strongly urge you to rescind this contract and look for other ways to verify taxpayers’ identities.

Given the recent cyber-attack at Equifax, it’s unfathomable how the IRS could knowingly issue a multi-million-dollar contract to a company that carelessly handled the personal information of more than 145 million Americans, putting their identities and personal financial wellbeing at risk. Nearly one half of the entire population of our nation was impacted by the Equifax breach and we have no assurances that our constituents’ personal information is safe in their hands.

After learning of the cyber-attack, Equifax executives waited days to notify law-enforcement of the hack, and they brazenly kept the breach from their primary regulators and the American public for nearly six weeks. There is also an ongoing investigation into reports that certain executives may have committed insider-trading violations prior to the companies’ public disclosure of the incident.  It is inappropriate to send this company American taxpayer dollars while this and other investigations and reviews continue.

These actions prove that the IRS should immediately rescind this contract and look for ways to address its needs without putting taxpayers’ information at risk. The IRS’s contract award to Equifax is a clear disregard for the millions of Americans who had their personal information carelessly stolen by Equifax, and we hope you reconsider this matter.  We appreciate you hearing our request. We look forward to hearing from you in a timely manner. 

Sincerely,