A controversial no-bid contract the Internal Revenue Service granted Equifax amid the fallout of its recent cyberattack was a stopgap measure to prevent a taxpayer service from being shut off as the IRS attempts to move to a new vendor, officials testified Wednesday.
Equifax announced last month hackers had gained access to the personal information of nearly 150 million Americans. On Tuesday night, reports emerged that the IRS had granted a $7 million fraud-prevention contract to Equifax on Sept. 29, well after the breach was announced.
That contract raised eyebrows at a House Ways and Means Committee hearing about IRS information technology infrastructure held on Wednesday.
"The American people are sitting there this morning, saying, 'This is beyond abject failure, this is a management failure. If nothing, it shows the IRS structurally needs some reform and needs major change,'" said Rep. Jackie Walorski (R-Ind.).
But Jeffrey Tribiano, IRS deputy commissioner for operations support, testified that the contract was to continue the electronic authentication service Equifax had already been providing as the agency attempted to move that contract to a new vendor.
In July, after the IRS decided to replace Equifax with another company's successful bid, Equifax challenged the procurement. That challenge is currently under review at the Government Accountability Office (GAO).
With the procurement still unresolved, the IRS entered into a temporary contract with Equifax to maintain services.
"We had to either, one, stop the service, which means millions of taxpayers would not be able to get their transcripts, including those that are in need of it — like in the hurricane disaster areas, they use those tools to get their transcripts — or do a bridge contract with Equifax until GAO decides on the protest, and we move forward," Tribiano said.
Gina Garza, the IRS chief information officer, testified that the IRS sent investigators to Equifax to ensure its data had not been breached and to place additional safeguards on the 200,000 Social Security numbers that could potentially have been at risk.
The Ways and Means Committee was not alone in discussing Equifax Wednesday. The breach is slated to be the main focus of at least two other hearings.