The IRS suspended a $7.25 million contract with the credit reporting company Equifax Friday after members of Congress complained the tax agency had awarded a no-bid contract to a company that recently had a massive data beach.
The IRS had contracted with Equifax to validate the identity of taxpayers communicating with the agency on the telephone or through its website.
In a statement Friday, the IRS said it suspended the contract as "a precautionary step" while the agency reviews the company's security systems.
"During this suspension, the IRS will continue its review of Equifax systems and security," the statement reads. "There is still no indication of any compromise of the limited IRS data shared under the contract."
Equifax revealed in September that hackers had obtained the personal information of more than 145 million people. Hackers stole Social Security numbers, birth dates and addresses, and in some cases driver's license numbers.
Equifax CEO Richard Smith stepped down. He later went before Congress for a public shaming in which he apologized.
Members of Congress from both political parties expressed outrage over the IRS contract.
"Given that Equifax failed to secure their own systems and provide timely notifications of a massive security breach, they should have never been an option for hire by the IRS," said Sen. Orrin Hatch, R-Utah, chairman of the Senate Finance Committee.
Sen. Sherrod Brown, D-Ohio, said: "Suspending the IRS contract is only the first step. We cannot know taxpayers are protected until Equifax is banned from all federal contracts."
Equifax issued a statement Friday that said, "We remain confident that we are the best party to perform the services required in this contract. We are engaging IRS officials to review the facts and clarify available options."
While the contract is suspended, taxpayers will not be able to create new accounts in the tax agency's Secure Access program, which enables taxpayers to securely access certain IRS services online. The IRS said taxpayers who already have accounts will not be affected.