IRS awards $7M fraud-prevention contract to Equifax

The no-bid contract, which pays $7.25 million, is listed as a “sole source” acquisition, meaning the IRS has determined Equifax is the only business capable of providing this service—despite its involvement in potentially one of the most damaging data breaches in recent memory.

By now my opinion about single source/direct award/request for quote(s) contracts should be well known to regular readers. This is yet another example of a decisions which may have been the correct one (or maybe not) but just by using a non-transparent procedure it can look terrible.

The contract itself is available here.

More from Politico:

The IRS defended its decision in a statement, saying that Equifax told the agency that none of its data was involved in the breach and that Equifax already provides similar services to the IRS under a previous contract.

”Following an internal review and an on-site visit with Equifax, the IRS believes the service Equifax provided does not pose a risk to IRS data or systems,” the statement reads. “At this time, we have seen no indications of tax fraud related to the Equifax breach, but we will continue to closely monitor the situation.”

Equifax did not respond to requests for comment.