In practice, officials didn't have much of a choice. Credit reporting in the US is dominated by three large companies (Equifax, Experian and TransUnion), and Equifax is arguably the powerhouse of the bunch. However, that only underscores the problem here: the IRS had to trust a crucial anti-fraud system to a company that not only had sloppy online security practices, but has been reluctant to take full responsibility for its mistakes.

There's a real chance that the hack will get Equifax to clean up its act in time to improve its handling of IRS data. We wouldn't count on it, though, and there's always the possibility that the IRS will fall afoul of the kind of data breach that prompted this anti-fraud contract in the first place.