What does it take for the Internal Revenue Service to realize that maybe, just maybe, it picked the wrong company to award a $7.25 million fraud-prevention contract? It wasn’t enough that Equifax’s network was so poorly prepared for a hack that a months-long cyber attack compromised the sensitive information of more than 140 million Americans. And then that same company may have served up malware to consumers visiting its publicly available website. Whatever the reason, the IRS has finally begun to realize Equifax might just be absolutely terrible at its job.

In late September, just as members of Congress were preparing to grill Equifax executives on their incompetence, the IRS awarded Equifax with a contract to offer identity-verification services to the agency for its Secure Access program, which gives taxpayers online access to their IRS records.

Now, Politico reports that the IRS has suspended the contract while it continues to review whether or not it may have made a wildly boneheaded decision to think Equifax could be trusted.

The IRS granted the contract to Equifax without even considering bids from other possible vendors. According to the notice about the contract, the IRS considered this a “sole source” contract, meaning that it, for whatever reason, believed that only Equifax — of all the companies in the entire world — could perform this task.

Since no other companies bid on it, or are apparently able to even do this job, the IRS has had to halt new enrollments in Secure Access. Politico notes that those people who are already signed up through the program — meaning their identity has already been verified — will continue having access to their files.

In a statement, the IRS sought to highlight that it had no reason to believe that any of the Secure Access users’ info had been compromised, and that “The contract suspension is being taken as a precautionary step as the IRS continues its review.”