Joomla Templates and Joomla Extensions by JoomlaVision.Com

Telecom Review North America

Latest Issue

Telecom Review's Interview with Marc Halbfinger, CEO of PCCW Global

Telecom Review's Interview with Alessandro Talotta, Chairman and CEO of Telecom Italia Sparkle

Telecom Review Summit 2016

Jeff Seal, Managing Partner Telecom Review NA Interviews the CEO of Spirent Technologies

Jeff Seal Interviews Zayo President Mike Strople

Telecom Review's Jeff Seal Moderates Submarine Fiber Optic Gathering

Socialize with us

IRS Awards Equifax a 7.5 Million Dollar No Bid Contract PDF Print E-mail
Wednesday, 11 October 2017 13:02

Democrats and Republicans in Congress continue to express astonishment at the IRS’s decision to continue partnering with Equifax, a troubled company that recently suffered a massive breach of sensitive consumer data on as many as 145 million Americans. This is after the whole world has known for weeks about Equifax’s failure to fix their systems. The IRS quietly awarded the contract Friday afternoon and posted noticed of on Saturday as POLITICO first reported. All apparently to avoid anyone reading this news.

"You can't make this stuff up,” Sen. Elizabeth Warren (D-Mass.) told reporters Wednesday after a hearing about Equifax's data breach. “This is like a bad movie. I am stunned that in the middle of this crisis the IRS would decide that it wants to trust Equifax as a business partner. It makes no sense to me. I want to find out what's going on here."

"More than 20 days had passed since we learned of the greatest data breach in history, and you just signed a contract to have Equifax have access to IRS data for identity verification purposes,” Rep. Jackie Walorski (R-Ind.) said during a Ways and Means subcommittee meeting. “I'm floored." “How does this happen when so much is at stake? I don’t think we can pass a law that can fix stupid,” said Rep. Greg Walden​​​​, R-Ore.

Smith admitted that the company had sent a warning to security staffers on March 9 about a known flaw in software it used called Apache Struts. The warning came from a vulnerability notice distributed on March 7 by the U.S. Computer Emergency Readiness Team.

According to Smith, Equifax's own protocols required that any vulnerable software be patched within 48 hours.

"Stupid." "Unprecedented." "Shocking." "Completely lacking." "Deserves to be shamed."

Those were just some of the phrases members of the House Digital Commerce and Consumer Protection subcommittee flung at Equifax, the breached credit reporting company.

Forcibly retired former Equifax CEO Richard Smith visibly flinched a few times during his testimony Tuesday as he was grilled over the hack that was first made public on Sept. 7.

The most venom came for Smith's lack of explanation as to how the massive breach, which exposed the personal information of 145.5 million Americans, happened.

Just as consumers are constantly urged to update their software to guard against problems that can be exploited by hackers, large corporations also get notices that it's time to upgrade, known in the industry as patching.

In Equifax's case, that patch notice came two months before the hack was discovered and a week before the company was hacked. Despite that, every internal system that should have put it in place or found out if it hadn't been somehow failed — much to the distress of lawmakers.