News of the IRS contract, first reported by Politico, emerged as Equifax execs were being grilled on Tuesday by members of the US House Committee on Energy and Commerce, Subcommittee on Digital Commerce and Consumer Protection.
"All the folks in the executive suite had no clue, but they were the luckiest investors on August 1 to sell the stock at the best price to net $655,000 - this was pure luck and nothing else?" a baffled Scott asked former Equifax CEO and Chairman Richard Smith.
Kelly was already aware of the problem, having been informed July 30 by Equifax's chief security officer of the "suspicious activity", and had notified Smith by email, the former CEO acknowledged.
Separately Monday, former CEO Richard Smith said in testimony prepared for a congressional hearing that the security team at Equifax failed to patch a vulnerability in March after getting a warning about the flaw.
The no-bid contract, which pays $US7.25 million ($9.25 million), is listed as a "sole source" acquisition, meaning the IRS has determined Equifax is the only business capable of providing this service - despite its involvement in potentially one of the most damaging data breaches in recent memory. Equifax says that it will be mailing written notices to all of these consumers.
Smith said Equifax has 225 individuals devoted to cybersecurity and the company has invested almost a quarter of a billion dollars in security over the past couple of years.
King & Spalding partner Phyllis Sumner confirmed she is representing Equifax on Equifax data security matters. Smith served as the Chairman and CEO of Equifax for the last 12 years.
Smith said this particular sale opened after the second quarter earnings call and was in line with normal behavior.
When asked if the three executives knew about the breach at the time of the stock sales, Smith said, "to the best of my knowledge, they didn't".
Smith offered a timeline of what went wrong, saying the Department of Homeland Security warned the company on March 8 about the need to patch a particular vulnerability in software used by Equifax and other businesses.
The company is dealing a breach of its systems by hackers who accessed or stole the information of 145 million Americans. Frank Pallone Jr. (D-N.J.) said in his opening statement. "At this time, we have seen no indications of tax fraud related to the Equifax breach, but we will continue to closely monitor the situation". "The company failed to prevent sensitive information from falling into the hands of wrongdoers".
An Illinois representative said it is "ludicrous" to think those whose personal information was exposed won't be harmed. Customers were confused and angered by a troubling tool Equifax created for checking if individuals were affected by the attack.