IRS Suspends Contract With Equifax After Malware Discovered - NewsOn6.com - Tulsa, OK - News, Weather, Video and Sports - KOTV.com |

NEWS

IRS Suspends Contract With Equifax After Malware Discovered

Posted: Updated:

The IRS said late Thursday that it has temporarily suspended the agency's $7.1 million data security contract with Equifax (EFX) after malware found on the credit bureau's website again called its security systems into question. 

Equifax, now notorious for exposing more than half of all adult Americans to identify theft, maintained the latest security breach was not officially a hack. 

An Equifax vendor was "running code that was serving malicious content" on the Equifax site, the company said in a statement. "Since we learned of the issue, the vendor's code was removed from the webpage and we have taken the webpage offline to conduct further analysis."

However, consumers who were using the site could easily have been tricked into downloading malware when visiting the Equifax help page, an oversight that experts said put people further at risk. The nation's largest information technology trade group is urging the government to cancel Equifax's now suspended contract with the IRS.

"Equifax is known publicly to have security breaches, and they are not correcting them," said Barbara Rembiesa, president and CEO of the International Association of IT Asset Managers, which represents 50,000 IT managers in 126 countries. "Why are we spending all this money to give our data to a company that has clear problems with the technology?"

Equifax's latest problem was discovered Wednesday by a private security consultant who realized the company's consumer help page was serving up malware that aimed to get unsuspecting consumers to download fraudulent Adobe updates. 

In September, Equifax revealed that it had exposed 143 million consumer files -- containing names, addresses, Social Security numbers and even bank account information -- to hackers in an unprecedented security lapse. The number of consumer potentially affect by the data breach was later raised to 145.5 million.

The company's former CEO blamed a single careless employee for the entire snafu. But even as he was getting grilled in Congress earlier this month, the IRS was awarding the company with a no-bid contract to provide "fraud prevention and taxpayer identification services."

"On the very day that Equifax's former chief executive misled Congress by scapegoating a single employee for their second major data breach in four years, the IRS announced that it was awarding the company with a contract which will allow it to leak out even more personally identifiable information about taxpayers," Rembiesa said. 

"The prospect of this happening should horrify any elected official who is charged with looking out for the welfare of American consumers," she added. "Congress needs to slam on the brakes here and kill this IRS contract."

The tax agency stopped short of that, at least for the moment.

"Following new information available today, the IRS temporarily suspended its short-term contract with Equifax for identity proofing services," the agency said in a statement. "During this suspension, the IRS will continue its review of Equifax systems and security."

The agency does not believe that any data the IRS has shared with Equifax to date has been compromised, but the suspension was taken as "a precautionary step." 

In the meantime, the IRS will be unable to create new "Secure Access" accounts, which can be used to order tax court transcripts online. Although people can't create new accounts, current Secure Access users aren't affected by this contract change and will continue to have access to their accounts, the agency said. And these transcripts can still be ordered by mail. 

Other IRS services are unaffected.

Special Features

iPhone App

Get breaking news, weather, sports & video directly on your iPhone.

Politics

Breaking political news & the latest headlines from the state capitol & D.C.

Radars

See where weather is happening using our live interactive radars.

Technology

Spend your money wisely with reviews of new tech gadgets & the latest news in technology.

TV Schedule

Need to know what's on TV? Check out our television schedule.

Live Radar

WARN Interactive
Powered by Frankly
News On 6
303 N. Boston Ave.
Tulsa, OK 74103
Newson6.com is proud to provide Oklahomans with timely and relevant news and information, sharing the stories, pictures and loves of Oklahomans across our great state.
All content © Copyright 2000 - 2017 KOTV. Oklahoma Traveler™ is a registered trademark of Griffin Communications. All Rights Reserved.
For more information on this site, please read our Privacy Policy, and Terms of Service, and Ad Choices.