The Government Accountability Office (GAO) on Monday rejected Equifax's bid to retain its $7.25 million "taxpayer identity" contract—the one awarded days after Equifax announced it had exposed the Social Security numbers and other personal data of some 145 million people.

At its core, the Equifax-IRS ordeal reveals the strangeness of the government contacting system. That's because Equifax wasn't even originally chosen to continue its contract with the IRS's Secure Access online program, which enables taxpayers to store and retrieve online tax records. But because Equifax protested when the agency gave the contract to rival Experian for a fraction of the cost, the IRS said contracting rules demanded that it offer a "bridge" contact to Equifax until the GAO sorts out the protest.

The GAO sorted everything out on Monday. It set aside the challenge from Equifax which contended that Experian, whose bid was worth up to $795,000 annually, didn't have the technological wherewithal to verify taxpayers signing up for the Secure Access program.

"GAO denied Equifax's protest, concluding that the IRS reasonably found that the Experian offer would meet the agency's needs. In essence, GAO's decision concludes that Equifax's contentions were based on an unreasonable interpretation of the solicitation," Ralph White, a GAO procurement attorney, said in a statement.

Last week, the IRS tentatively suspended the contract with Equifax because of another Equifax snafu. The Equifax site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates. When clicked, the updates infected visitors' computers with adware that was detected by just three of 65 antivirus providers. Because of this procurement flap, taxpayers cannot open new Secure Access accounts with the IRS. The tax collection agency expects to re-open the program to newcomers "as quickly as we can."

In a statement, the IRS said: