Rep. John Ratcliffe (R-Texas), chairman of the House Homeland Security subcommittee on cybersecurity, is urging the Department of Homeland Security (DHS) to review and possibly intercede upon a controversial $7 million contract between the IRS and Equifax.

Under the Federal Information Security Modernization Act, DHS has the ability to issue “binding operational directives” when contracted services have “a known or reasonably suspected information security threat, vulnerability, or risk.”

The IRS deal with Equifax is a stopgap measure for Equifax to continue providing online fraud prevention services as the IRS awaits permission to replace Equifax with a new provider. The contract was finalized just weeks after Equifax announced a historic data breach, impacting as many as 145 million Americans.

{mosads}

“A multi-million dollar contract with a company that just recently displayed cybersecurity negligence of epic proportions is significantly degrading to public trust,” Ratcliffe said in a statement released Wednesday night.

“I urge DHS in the strongest possible terms to consider using the authorities granted from FISMA and the Cybersecurity Act to address this troubling development,” he wrote.

The IRS accepted a bid from a replacement vendor in July, but Equifax contested losing the deal. That decision now falls on the Government Accountability Office. But as that office mulls the new vendor, the old Equifax contract was set to expire. 

At a hearing on Wednesday, IRS officials said the contract reflected a decision not to shut down a service while the new vendor’s contract was in limbo.

The DHS recently issued a binding operational directive in a different high-profile case, requiring federal agencies to cease using products from Moscow-based vendor Kaspersky Lab