Latest in Gear

Image credit:

IRS freezes its fraud prevention contract with Equifax

The suspension came after the discovery of an adware installer in Equifax's website.
Mariella Moon, @mariella_moon
October 13, 2017
Share
Tweet
Share

Sponsored Links

Bloomberg via Getty Images

The IRS got a lot of flak from both ordinary citizens and lawmakers when it awarded Equifax a fraud prevention contract earlier this month. After all, they forged their partnership after the credit reporting agency revealed that it recently suffered a massive security breach that affected 145 million Americans. Now, after reports came out that an adware installer lived in the agency's website, IRS has decided to temporarily suspend the $7.2 million, no-bid contract.

IRS commissioned Equifax to verify the identities of taxpayers signing up for a Secure Access account, which gives people access to online tax records and transcripts, on its website. Sign ups for Secure Access accounts have been suspended as a result, but anybody who already has one will not be affected.

The government agency didn't elaborate why it suspended the contract, but it could have something to do with the faux Adobe Flash installer a security analyst found on Equifax's website. After investigating the incident, Equifax admitted to Engadget that a downloader serving up malware lived in its website but stressed that it wasn't hacked yet again.

"Despite early media reports, Equifax can confirm that its systems were not compromised and that the reported issue did not affect our consumer online dispute portal," a spokesperson told us in a statement. "The issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor's code running on an Equifax website was serving malicious content. Since we learned of the issue, the vendor's code was removed from the webpage and we have taken the webpage offline to conduct further analysis."

As for the IRS, spokesman Matthew Leas said Secure Access account holders have nothing to worry about. Yes, it froze the contract, but "there is still no indication of any compromise of the limited IRS data shared" with Equifax." He explained that "the contract suspension is being taken as a precautionary step as the IRS continues its review."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

‘Babylon 5 Remastered’ now available to buy or stream on HBO Max

‘Babylon 5 Remastered’ now available to buy or stream on HBO Max

View
Google reveals North Korean-backed campaign targeting security researchers

Google reveals North Korean-backed campaign targeting security researchers

View
Apple shuffles hardware execs to make room for a mysterious new project

Apple shuffles hardware execs to make room for a mysterious new project

View
Samsung's Galaxy Watch 3 ECG tracking comes to 31 more countries

Samsung's Galaxy Watch 3 ECG tracking comes to 31 more countries

View
A personal trainer app guilt-tripped me into exercising (and it worked)

A personal trainer app guilt-tripped me into exercising (and it worked)

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr