The US Internal Revenue Service (IRS) has awarded Equifax a $7.25m (£5.45m) contract to verify taxpayers' identities and help tackle tax fraud despite a recently disclosed data breach that compromised valuable personal and financial details of about 145.5 million Americans.
Last week, the IRS hired the embattled credit reporting company to "assist in ongoing identity verification and validations needs of the Service", according to its filing on the Federal Business Opportunities database posted on 30 September, Politico first reported.
The filing described Equifax as a "sole source order", which means the IRS believes the company is the only business capable of providing the service. The notice read, "This is a critical service that cannot lapse."
The news of the contract comes as Equifax faces fierce scrutiny and criticism over a data breach in July that compromised the valuable personal and financial details of millions of Americans, including names, dates of birth, social security numbers, addresses and, in some cases, credit card details, among other information.
The firm has since been slapped with multiple lawsuits and probes by a number of US states, Congress and the Justice Department. This week, former Equifax CEO Richard Smith, who retired in the wake of the breach, is being grilled by lawmakers over the major infiltration and its impact on American consumers.
In the wake of the disclosure, the company has come under fire over its decision to delay the public announcement of the breach for over a month and is also being scrutinised for three executives selling shares just days after the organisation learned of the breach, but before it was made public.
Equifax said hackers exploited a months-old, unpatched Apache Struts flaw to carry out the breach, dubbed one of the largest and worst-ever breaches in US history due to the sensitive nature and value of the data compromised.
The company was also slammed for charging individuals to check to see if they were affected, while its credit monitoring site was deemed susceptible to hacking and accidentally sending data breach victims to a fake phishing website for weeks.
The IRS' decision to award the contract to Equifax has drawn ire from lawmakers.
"In the wake of one of the most massive data breaches in a decade, it's irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed," Senate Finance Chairman Orrin Hatch told Politico.
The IRS, however, defended its decision to award the contract to Equifax.
"Following an internal review and an on-site visit with Equifax, the IRS believes the service Equifax provided does not pose a risk to IRS data or systems," the agency said. "At this time, we have seen no indications of tax fraud related to the Equifax breach, but we will continue to closely monitor the situation."