SAM shows contractors’ private information, now fixed

A software glitch in the government procurement system for contractor work exposed significant amounts of personal and private data of individuals and companies — including Social Security, business tax identification and bank account numbers — open for viewing. The problem could leave many individuals and companies potentially open to a significant threat of identity theft.

The General Services Administration sent an email to parties registered on the System for Award Management, or SAM, on Friday, warning them of the problem, according to a copy obtained by MoneyWatch. The message states that registered SAM users with the proper set of assigned rights “had the ability to view any entity’s registration information, including both public and non-public data at all sensitivity levels.”

SAM is an attempt to consolidate multiple government procurement systems. It is part of a major e-government presidential initiative from 2002 that was expected to take until 2015 to complete and that had spent $54.8 million in fiscal year 2012. IBM is the contractor that build the system and the GSA has had concerns about the software’s performance.

Contractors must provide extensive detailed information about themselves or their organizations, including bank account numbers for payment transfers, tax payer identification and contact details. Such information can be used by criminals to steal the identity of individuals or even corporations. Identity theft is difficult to correct once it happens.

According to a GSA bulletin, the software problem was actually discovered on March 8, 2013, and fixed two days later. However, there is no information posted on how long the vulnerability existed, how many people might have been identified, or even if the software had been written in such a way to identify whose records might have been accessed. The GSA notes that it is undertaking a “full security review” of the system.

Keep reading this article at: http://www.cbsnews.com/8301-505124_162-57574681/gsa-system-shows-contractors-private-information/

For additional information, see the SAM security vulnerability FAQs.
Starting Monday, March 18, at 8 a.m., you may call the FedInfo hotline at 1-800-FED-INFO for immediate support.
For the latest news involving SAM, visit: http://gtpac.org/tag/sam.

Contracting News

SBA scorecard shows federal government continues to prioritize small business contracting

OMB releases guidance related to small business goals

OMB issues guidance on impact of injunction on government contractor vaccine mandate

Changes coming to DOD’s Cybersecurity Maturity Model Certification under CMMC 2.0

Judge issues nationwide injunction halting enforcement of COVID-19 vaccine mandate

Contracting Tips

Contractors must update EEO poster

The risk of organizational conflicts of interest

The gap widens between COFC and GAO on late is late rule

Are verbal agreements good enough for government contractors?

CMMC 2.0 simplifies requirements but raises risks for government contractors

GTPAC News

VA direct access program events in 2022

Sandia National Laboratories seeks small business suppliers

Navy OSBP hosting DCAA overview (part 2) event Jan. 12, 2022

Navy OSBP hosting cybersecurity “ask me anything” event Dec. 16th

State of Georgia hosting supplier systems training on January 26, 2022

Georgia Tech News

Undergraduate enrollment growth reflects inclusive excellence

Georgia Tech delivers $4 billion in economic impact to the State of Georgia

Georgia Tech awards first round of seed grants to support team-based research

Georgia Tech announces inaugural Associate Vice President of Corporate Engagement

DoD funds Georgia Tech to enhance U.S. hypersonics capabilities