
IRS Awards Multimillion-Dollar (no bid) Fraud-Prevention Contract to Equifax

Say what?

Former Equifax CEO Richard Smith, who stepped down after the breach, endured a bipartisan shaming Tuesday at a hearing of a House Energy and Commerce subcommittee. | Chip Somodevilla/Getty Images

The no-bid contract was issued last week, as the company continued facing fallout from its massive security breach.

The IRS will pay Equifax $7.25 million to verify taxpayer identities and help prevent fraud under a no-bid contract issued last week, even as lawmakers lash the embattled company about a massive security breach that exposed personal information of as many as 145.5 million Americans.

A contract award for Equifax’s data services was posted to the Federal Business Opportunities database Sept. 30 — the final day of the fiscal year. The credit agency will “verify taxpayer identity” and “assist in ongoing identity verification and validations” at the IRS, according to the award.

The notice describes the contract as a “sole source order,” meaning Equifax is the only company deemed capable of providing the service. It says the order was issued to prevent a lapse in identity checks while officials resolve a dispute over a separate contract.

Lawmakers on both sides of the aisle blasted the IRS decision.

“In the wake of one of the most massive data breaches in a decade, it’s irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed,” Senate Finance Chairman Orrin Hatch (R-Utah) told POLITICO in a statement.

The committee’s ranking member, Sen. Ron Wyden (D-Ore.), piled on: “The Finance Committee will be looking into why Equifax was the only company to apply for and be rewarded with this. I will continue to take every measure possible to prevent taxpayer data from being compromised as this arrangement moves forward.”

The IRS defended its decision in a statement, saying that Equifax told the agency that none of its data was involved in the breach and that Equifax already provides similar services to the IRS under a previous contract.

“Following an internal review and an on-site visit with Equifax, the IRS believes the service Equifax provided does not pose a risk to IRS data or systems,” the statement reads. “At this time, we have seen no indications of tax fraud related to the Equifax breach, but we will continue to closely monitor the situation.”

Equifax did not respond to requests for comment.

Equifax disclosed a cybersecurity breach in September that potentially compromised the personal information, including Social Security numbers, of more than 145 million Americans — data that security experts have described as the crown jewels for identity thieves. The company is one of three major credit reporting bureaus whose data determine whether consumers qualify for mortgages, auto loans, credit cards and other financial commitments.

The company has subsequently taken criticism for issuing confusing instructions to consumers, which contained language that appeared aimed at limiting customers’ ability to sue, as well as tweeting out a link to a fake website instead of its own security site. The Justice Department later opened a criminal investigation into three Equifax executives who sold almost $1.8 million of their company stock before the breach was publicly disclosed, Bloomberg has reported.

Former Equifax CEO Richard Smith, who stepped down after the breach, endured a bipartisan shaming Tuesday at a hearing of a House Energy and Commerce subcommittee. The full committee’s Republican chairman, Greg Walden of Oregon, proclaimed: “It’s like the guards at Fort Knox forgot to lock the doors.”

Reps. Suzan DelBene (D-Wash.) and Earl Blumenauer (D-Ore.) separately penned letters to IRS Commissioner John Koskinen demanding he explain the agency’s rationale for awarding the contract to Equifax and provide information on any alternatives the agency considered.

“I was initially under the impression that my staff was sharing a copy of the Onion, until I realized this story was, in fact, true,” Blumenauer wrote.

The IRS, which has suffered its own embarrassing data breaches as well as a tidal wave of tax-identity fraud, has taken steps to improve its outdated information technology with the help of $106.4 million that Congress earmarked for cyber security upgrades and identity theft prevention efforts.

Hatch questioned the agency’s security systems in a letter to Koskinen last month. Hatch said he was concerned that the IRS lacked the technology necessary “to safeguard the integrity of our tax administration system.”

Equifax Hackers Demand $2.6 Million Ransom In Bitcoin

“We’re Just Trying To Feed Our Families”

Two days after credit-monitoring company Equifax revealed that, because of its staggering negligence, hackers had managed to penetrate the company’s meager cyber security defenses and abscond with up to 143 million Social Security numbers and a trove of other personal data – including names, addresses, driver’s license data, birth dates and credit-card numbers – the cyberthieves responsible are threatening to sell the data to the highest bidders unless they receive a ransom payment of 600 bitcoin – worth about $2.6 million, according to CoinTelegraph.

In the ransom note, which was published on the dark web, the hackers said they were just two regular people trying to get by – and that, while they don’t want to hurt anybody, they need to monetize the information as soon as possible. They promised to delete the data as soon as the ransom was received.

“We are two people trying to solve our lives and those of our families.

We did not expect to get as much information as we did, nor do we want to affect any citizen.

But we need to monetize the information as soon as possible.”

The hackers have now made a ransom demand, stating on a Darkweb site that they will delete the data for a ransom payment of 600 BTC, worth approximately $2.6 million.

The demand said that if they do not receive the funds from Equifax by September 15th, they will publicize the data.


Meanwhile, as we reported last night, two plaintiffs have filed a $70 billion class-action lawsuit against Equifax in a Portland, Ore. federal court – a case that has the potential to crush the company with a massive payout.

In the lawsuit, lawyers from Olsen Daines PC, who filed it on behalf of plaintiffs Mary McHill and Brook Reinhard, alleged that Equifax was negligent in failing to protect consumer data, and that the company chose to save money instead of spending on technical safeguards that could have stopped the attack.

Imagine how much angrier they would be if they found that instead of “saving” the money, the company used it to buy back its own stock (in this case from selling executives).

The case filed by the two plaintiffs in Portland, Ore., federal court has every single merit to ultimately crush Equifax for what is nothing less than unprecedented carelessness in handling precious information.

Of course, in what will likely be remembered as a massively stupid public relations blunder, Equifax “neglected” to specify that an arbitration waiver included in an online portal allowing customers to check on the status of their information “does not apply to this cybersecurity incident.”

…We wonder, which incident does it apply to then?

Here’s the company’s full statement, courtesy of the Washington Post:

Equifax issued a statement Friday evening. “In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident,” the company said.

Meanwhile, one reporter who was examining the company’s web portal pointed out what is either a hilarious glitch, or an ominous indication that the most troubling reveal is yet to come.


Source: ZeroHedge