Equifax, the company with such poor cyber security protocols that they allowed one of the largest data breaches in American history to happen right under their noses, has been awarded a no-bid government contract worth more than $7 million to handle security for the IRS. This means that the next time the company gets hacked, hackers could gain access to the Social Security numbers, addresses, and financial documents on every single American citizen. Ring of Fire’s Farron Cousins explains why this might be the stupidest decision yet by the Trump administration.
The credit monitoring firm, Equifax, who most people remember allowed hackers to have access to the personal data of 145 million Americans over the summer, has been rewarded with a seven million dollar no-bid contract from the IRS to make sure that their cybersecurity is up to par and to verify the identities of people who make payments or file their taxes with the IRS. Basically the company that couldn’t be trusted with our personal financial data, is now being given access to the personal financial and income data as well as Social Security numbers and addresses of literally every single citizen in the United States of America.
Now let’s rewind and go back to the very beginning of this Equifax hack. Hackers had access to the personal data of 145 million American citizens in addition to as many as 80 million non-US citizens for two and half months before the company even realized what the hell was going on. And then after they realized that all of this data had been stolen, did they immediately alert the public? Did they let the people who had their data stolen know about it? No. They sat on their hands for almost a month and a half before they let anyone know that there had ever been a data breach.
For some reason the IRS on September 30th said, “You know what? Remember that company that was in the news, the company that takes our data without us even knowing about it and then accidentally leaked it to hackers for two and a half months? Why don’t we let them run everything we do here in the IRS?” Because that is basically what happened. At the time this contract was awarded, the IRS knew what had happened with Equifax. So did they seek out other companies? Did they take bids from other companies? No. This is what’s known as a sole source contact meaning the IRS decided that Equifax was the only company in this country capable of doing what they wanted to do which again, provides some cybersecurity measures, which is dangerously ironic, in addition to verifying the identity of people who file their taxes and make payments to the IRS.
With the data breach that took place, there is evidence to suggest that Social Security numbers of some people were stolen but what’s going to happen if the exact same situation happens now? Because Equifax is going to have a direct line right into the IRS. Hackers could use that channel to go in and literally take whatever they want, about anybody they want, as long as they are an American citizen. They don’t even have to be a taxpayer. If you’ve been claimed on someone else’s tax form in the past as a dependent, guess what? Your data could now possibly be stolen because we’ve put one of the worst companies in the country in charge of verifying the identity of people who filed taxes with the IRS.
Now, the Trump Administration has made a lot of stupid decisions since they came into power but giving one of these companies that has no control over their own cybersecurity access to all of our tax data, that kind of ranks up there with one of the dumbest possible ideas anyone could ever come up with. But of course, that’s the Trump Administration for you.