Equifax No-Bid Contract With IRS Is Simply Crony Capitalism

Remember the days, especially in a recession, when the political class used to tell us that company closures and job losses were part of the "creative destruction" that was key to capitalism's "success". As the famous economist Joseph Schumpeter said, "at the heart of capitalism is creative destruction", driven by entrepreneurs. And while it may seem that we live in a time of increasing entrepreneurship and innovation, the reality is that new business formation in this country is far lower than it was a few decades ago and the barriers to entry in existing businesses are far higher. This is all a result of not only lax anti-trust enforcement but also what is essentially crony capitalism. And yesterday we saw one of the most blatant examples of crony capitalism in memory.

Equifax, the company that just had a security breach that compromised the personal financial information of 143 million Americans, data that those individuals never authorized Equifax to have, has been award a no-bid federal contract by the IRS to identify taxpayer identities and prevent fraud. As Democratic Representative Suzan DelBene said, "I was initially under the impression that my staff was sharing a copy of the Onion, until I realized this story was, in fact, true."

The contract, which was awarded on the last day of the federal fiscal year and was a "sole source order" meaning that the IRS determined that Equifax was the one and only company that could proved this service, will pay Equifax $7.25 million for their services.

At the same time, the former Equifax CEO was testifying on Capitol Hill that the security breach that will force over 140 million Americans to potentially deal with identity theft for the foreseeable future was the fault of a single employee in the Equifax IT department. After being warned by the Department of Homeland Security about a security flaw in its online portal, "an individual did not ensure communication got to the right person to manually patch the application", according to the CEO. In addition, the company's software to detect security holes was seemingly also not up to date as it did not detect this vulnerability.

Listening to the Equifax CEO made me feel like we were living in the 1980s again where some computer nerd in the back somewhere was responsible for keeping the entire system going. The fact that an error by a single individual could allow this kind of breach certainly highlights a failure of oversight and controls within the company. But compliance and IT are rarely considered profit centers and accordingly are often understaffed and underfunded, especially when it comes to IT maintenance. The fact that these companies also know they will pay no real price for their failures enhances the lack of focus and concern. To the contrary, they know that their monopoly position and political influence will insulate them from any real damage and potentially even get a no-bid government contract to boot.