The Internal Revenue Service, apparently, still trusts the credit-reporting firm quite a bit. Enough to award it a $7.25 million contract to help verify taxpayers' identities, less than a month after the company conceded it failed to correct a known software vulnerability that the hackers exploited.
A growing number of U.S. senators say that's a mistake.
"We strongly urge you to rescind this contract and look for other ways to verify taxpayers' identities," Sen. Jon Tester, a Montana Democrat, and six colleagues said in a letter to IRS Commissioner John Koskinen released on Thursday, Oct. 5. Their request followed a similar missive from Sens. Elizabeth Warren of Massachusetts and Ben Sasse of Nebraska the day before.
Hiring the Atlanta-based company to handle such a responsibility "shows clear disregard for the millions of Americans" whose financial well-being is threatened by the theft, Tester said in the letter, which was also signed by Sens. Sherrod Brown, Heidi Heitkamp, Chris Van Hollen, Tim Scott, Jack Reed and Robert Menendez. "We have no assurances that our constituents' personal information is safe in their hands."
The breach puts "a significant burden" on Equifax when it seeks any government contract, Warren and Sasse argued, and requires the IRS to fully explain its decision. If the agency cannot, they also said the contract should be scrapped.
The correspondence ramps up the criticism during a Senate Banking Committee hearing with former Equifax CEO Richard Smith on Wednesday in which lawmakers evaluated the events leading to the exposure of information from Social Security numbers to birthdates that lenders routinely use to verify the identities of loan applicants.
Unlike credit card numbers, which can be changed if stolen, such data points are difficult and in some cases, impossible, to alter, imperiling 145 million consumers. Some of them have already filed lawsuits, as has the San Francisco City Attorney, and the FBI is investigating the matter.
IRS officials told the House Ways and Means Committee separately that the Equifax deal was needed to maintain an electronic authentication service that might have lapsed during the company's protest over the agency giving a longer-term contract to one of its competitors.
"This is an abject failure," U.S. Rep. Jackie Walorski, an Indiana Republican, responded. "We have contracts being signed right in the middle of these investigations of the biggest data breach in the history of this country, exposing a massive amount of Americans to identity theft."
The best option for Equifax now is to drop its protest and turn down the agreement, Heitkamp, a North Dakota Democrat, told Smith.
"Just say, 'We're getting our house in order, we understand we have a ways to walk back our reputation, we're going to walk back our protest on the loss of the contract," she urged him.
Equifax shares have tumbled 20% to $113.12 since its Sept. 7 disclosure of the theft, which led to Smith's departure and his agreement to give up an annual bonus payment this year that had totaled more than $3 million each of the past two years.
What makes the incident particularly galling for victims and for lawmakers is that consumers have no choice in whether and how their data is tracked by companies like Equifax and rivals TransUnion (TRU) - Get Report and Experian (EXPGF) , and yet the service is vital to maintain credit lines that fuel U.S. economic growth.
"Because of this breach, consumers will spend the rest of their lives worrying about identity theft, small banks and credit unions will have to pay to issue new credit cards, businesses will lose money to thieves, but Equifax will be just fine," Warren said during the hearing.
With revenue growth from fraud-protection services sold in the aftermath, she added, "it could actually come out ahead."
Updated from Wednesday, Oct. 4, at 9:57 p.m.
More of What's Trending on TheStreet: