Georgia Tech Procurement Assistance Center

  • Home
  • About Us
  • Training
    • Class Registration
    • On-demand Training
    • GTPAC COVID-19 Resource Page
    • Veterans Verification Video
    • Other Training Audio & Video
  • Useful Links
  • Team Directory
    • Albany Counselor
    • Atlanta Counselors
    • Augusta Counselor
    • Carrollton Counselor
    • Columbus Counselor
    • Gainesville Counselor
    • Savannah Counselor
    • Warner Robins Counselor
  • Directions
    • Atlanta – Training Facility
    • Atlanta – Office
    • Albany
    • Augusta
    • Carrollton
    • Columbus
    • Gainesville
    • Savannah
    • Warner Robins
  • COVID-19
  • New Client Application
  • Contact Us

SAM.gov hackers used spearphishing, spoofing, credential theft

April 2, 2018 By Andrew Smith

Cybercrooks who stole federal payments by hacking contractor accounts on a General Services Administration (GSA) website used sophisticated spearphishing techniques to steal login credentials and then diverted payments to bank accounts they controlled, an executive of a contractor targeted in the scam told FedScoop.

It’s unclear how much the scammers have netted through their scheme, which is being investigated by the GSA inspector general and federal law enforcement.

The inspector general’s office declined to comment, but sources familiar with the investigation told FedScoop that the cyberattacks that facilitated the fraud had been identified last year and were ongoing as
recently as last week.

Keep reading this article at: https://www.fedscoop.com/sam-gov-hackers-used-spearphishing-spoofing-credential-theft/

Also see Tips for Surviving Compromise of Government’s Vendor Database: http://gtpac.org/2018/03/26/tips-for-surviving-compromise-of-governments-vendor-database/

Filed Under: Contracting News Tagged With: credential theft, credentials, cyber incident, cyberattack, cybersecurity, data breach, data compromise, DMARC, DSBS, FAPIIS, fraud, free instruction, free SAM assistance, free SAM help, free SAM registration, GSA, hack, past performance, PPIRS, SAM, SAM assistance, sam is free, SAM registration, sam.gov, scam, spearphishing, spoofing, System for Award Management, two-factor authentication, vendor database, vendor registration

Colorado DOT employee stole DBE contractors’ personal information

May 11, 2016 By Andrew Smith

DBE certifiedPersonal information from hundreds of Colorado Department of Transportation (CDOT) contractors may have been compromised after a data breach involving a CDOT employee.

The employee, who is no longer working for CDOT, had access to a database for several hundred disadvantaged and emerging small businesses. The database for Emerging Small Business (ESB) and Disadvantaged Business Enterprise (DBE) firms contained confidential information — including tax returns.

“We believe that there is a data breach on the database itself where an employee accessed information and may be using that and selling that information externally,” CDOT spokeswoman Amy Ford said.

The businesses potentially affected by the data breach submitted information to CDOT in order to qualify for ESB and DBE programs, Ford said. The programs are designed to give small, disadvantaged businesses an opportunity to contract with CDOT on construction, professional service, research and more.

Keep reading this article at: http://www.9news.com/mb/news/cdot-employee-stole-contractors-personal-information/175000302\

See letter send by CDOT to affected contractors at: https://www.scribd.com/doc/311660836/Letter-about-CDOT-data-breach

Filed Under: Contracting News Tagged With: data breach, data compromise, data security, DBE, DOT, ESB, small business

Will the Government shred your contract after a hack?

August 14, 2014 By ei2admin

Contractors are concerned they might lose government business for coming forward about suspected internal data breaches, after the unprecedented decision by two departments to halt contracts with a hacked background investigation firm.

It is believed the personal information of Department of Homeland Security (DHS) employees likely was compromised when a suspected nation state penetrated a USIS corporate network.  USIS conducts personnel investigations on behalf of many agencies, including the Office of Personnel Management (OPM).  DHS and OPM temporarily ceased some jobs with USIS after the incident.

OPM did not pause work as a punishment, but rather as a way to protect federal employees until more details about the intrusion are known, agency officials told Nextgov on Friday, August 8, 2014.  But officials said they do not host information with USIS on the same system DHS uses.

DHS has issued stop work orders to temporarily halt activities that involve personal information, until the department can assess the full scope of the potential intrusion and repairs, Homeland Security officials told Nextgov.

Keep reading this article at: http://www.nextgov.com/cybersecurity/2014/08/will-government-shred-your-contract-after-hack/91049

Filed Under: Contracting News Tagged With: contractor performance, data breach, data compromise, DHS, hack, hackers, information technology, IT, OPM, performance standards

Recent Posts

  • OMB releases guidance related to small business goals
  • Are verbal agreements good enough for government contractors?
  • OMB issues guidance on impact of injunction on government contractor vaccine mandate
  • CMMC 2.0 simplifies requirements but raises risks for government contractors
  • OFCCP launches contractor portal initiating AAP verification program

Popular Topics

8(a) abuse Army bid protest budget budget cuts certification construction contract awards contracting opportunities cybersecurity DoD DOJ False Claims Act FAR federal contracting federal contracts fraud GAO Georgia Tech government contracting government contract training government trends GSA GSA Schedule GTPAC HUBZone innovation IT Justice Dept. marketing NDAA OMB SBA SDVOSB set-aside small business small business goals spending subcontracting technology VA veteran owned business VOSB wosb

Contracting News

OMB releases guidance related to small business goals

OMB issues guidance on impact of injunction on government contractor vaccine mandate

Changes coming to DOD’s Cybersecurity Maturity Model Certification under CMMC 2.0

Judge issues nationwide injunction halting enforcement of COVID-19 vaccine mandate

Nondisplacement of qualified workers is back, but with changes

Read More

Contracting Tips

Are verbal agreements good enough for government contractors?

CMMC 2.0 simplifies requirements but raises risks for government contractors

OFCCP launches contractor portal initiating AAP verification program

GAO rules that DoD may not require small business Joint Venture itself hold facility security clearance

Terminations for convenience clauses vs. mutual termination clauses

Read More

GTPAC News

VA direct access program events in 2022

Sandia National Laboratories seeks small business suppliers

Navy OSBP hosting DCAA overview (part 2) event Jan. 12, 2022

Navy OSBP hosting cybersecurity “ask me anything” event Dec. 16th

State of Georgia hosting supplier systems training on January 26, 2022

Read More

Georgia Tech News

Undergraduate enrollment growth reflects inclusive excellence

Georgia Tech delivers $4 billion in economic impact to the State of Georgia

Georgia Tech awards first round of seed grants to support team-based research

Georgia Tech announces inaugural Associate Vice President of Corporate Engagement

DoD funds Georgia Tech to enhance U.S. hypersonics capabilities

Read More

  • SAM.gov registration is free, and help with SAM is free, too
APTAC RSS Twitter GTPAC - 30th Year of Service

Copyright © 2022 · Georgia Tech - Enterprise Innovation Institute