Senators Ask IRS to Rescind Equifax Contract

Published: October 12, 2017

IRS

Members of the Senate Banking Committee are asking the IRS to rescind a $7.25 million sole source award to Equifax in the wake of the company putting 145.5 million Americans’ personal information at risk.

The IRS awarded a “short-term” sole source contract to Equifax Information Services LLC on September 29th, only a few weeks after it publically announced a breach of its systems that potentially exposed consumers’ Social Security numbers, credit card numbers, and other personal information.   

An FBO announcement on September 30th stated that the IRS was establishing an “order for third party data services from Equifax to verify taxpayer identity and to assist in ongoing identity verification and validations needs.” It went on to say that a sole source order was required to cover these “critical services” while a protest was being resolved for the award of a new longer term contract. 

Equifax currently holds a contract with the IRS for transaction support for identity management which was recompeted and awarded to another vendor.  Equifax filed a protest of the award with GAO in July.  GAO’s decision is slated for October 16th.   

No information could be found in FBO synopses or Deltek’s opportunities database regarding the recompete.  In addition, no specific information could be found on the current Equifax contract with the IRS. However, a search on USAspending.gov showed that the Treasury Department obligated $4.3 million in prime contracting dollars to Equifax Information Services LLC in FY 2016 and $1.5 million in FY 2017 (complete fiscal year data for FY 2017 is not yet available).   

Additionally, the sole source justification document from FBO explaining the rational for the short-term bridge contract to Equifax is inaccessible.  Users receive the message “Unauthorized” when attempting to download the FBO zip file.

News of the bridge contract came on the same day that Equifax’s former chairman and chief executive, Richard Smith, testified before a House panel regarding the consumer data breach. Smith stepped down last month in the wake of the cybersecurity hack.

Without knowing specific dates regarding the expiration of the current Equifax contract and the term of the bridge contract, it’s difficult to determine the viability of IRS canceling the bridge contract with Equifax. If Equifax loses the protest, it’s likely that part of its work would be to assist IRS in transitioning to the new contractor. If GAO sustains the protest, it will recommend appropriate corrective action, which could lead IRS down a number of paths, including re-evaluating proposals or starting over with an amended solicitation. IRS also has the option of canceling the recompete contract altogether, but considering that the services are so critical as to drive them to award a sole source bridge contract, cancelling the recompete contract is unlikely.

Agencies can cancel contracts for “convenience” (in the best interest of the government) or for “cause” or “default” (the contractor failed to perform).  The bridge contract is may be too short for IRS to go through this process, but if GAO denies the protest and IRS feels ready to transition to the winner of the recompete contract before Equifax’s bridge contract expires, they do have options for canceling.