Georgia Tech Procurement Assistance Center

SAM.gov hackers used spearphishing, spoofing, credential theft

By

Cybercrooks who stole federal payments by hacking contractor accounts on a General Services Administration (GSA) website used sophisticated spearphishing techniques to steal login credentials and then diverted payments to bank accounts they controlled, an executive of a contractor targeted in the scam told FedScoop.

It’s unclear how much the scammers have netted through their scheme, which is being investigated by the GSA inspector general and federal law enforcement.

The inspector general’s office declined to comment, but sources familiar with the investigation told FedScoop that the cyberattacks that facilitated the fraud had been identified last year and were ongoing as
recently as last week.

Keep reading this article at: https://www.fedscoop.com/sam-gov-hackers-used-spearphishing-spoofing-credential-theft/

Also see Tips for Surviving Compromise of Government’s Vendor Database: http://gtpac.org/2018/03/26/tips-for-surviving-compromise-of-governments-vendor-database/

Colorado DOT employee stole DBE contractors’ personal information

By

DBE certifiedPersonal information from hundreds of Colorado Department of Transportation (CDOT) contractors may have been compromised after a data breach involving a CDOT employee.

The employee, who is no longer working for CDOT, had access to a database for several hundred disadvantaged and emerging small businesses. The database for Emerging Small Business (ESB) and Disadvantaged Business Enterprise (DBE) firms contained confidential information — including tax returns.

“We believe that there is a data breach on the database itself where an employee accessed information and may be using that and selling that information externally,” CDOT spokeswoman Amy Ford said.

The businesses potentially affected by the data breach submitted information to CDOT in order to qualify for ESB and DBE programs, Ford said. The programs are designed to give small, disadvantaged businesses an opportunity to contract with CDOT on construction, professional service, research and more.

Keep reading this article at: http://www.9news.com/mb/news/cdot-employee-stole-contractors-personal-information/175000302\

See letter send by CDOT to affected contractors at: https://www.scribd.com/doc/311660836/Letter-about-CDOT-data-breach

Will the Government shred your contract after a hack?

By

Contractors are concerned they might lose government business for coming forward about suspected internal data breaches, after the unprecedented decision by two departments to halt contracts with a hacked background investigation firm.

It is believed the personal information of Department of Homeland Security (DHS) employees likely was compromised when a suspected nation state penetrated a USIS corporate network.  USIS conducts personnel investigations on behalf of many agencies, including the Office of Personnel Management (OPM).  DHS and OPM temporarily ceased some jobs with USIS after the incident.

OPM did not pause work as a punishment, but rather as a way to protect federal employees until more details about the intrusion are known, agency officials told Nextgov on Friday, August 8, 2014.  But officials said they do not host information with USIS on the same system DHS uses.

DHS has issued stop work orders to temporarily halt activities that involve personal information, until the department can assess the full scope of the potential intrusion and repairs, Homeland Security officials told Nextgov.

Keep reading this article at: http://www.nextgov.com/cybersecurity/2014/08/will-government-shred-your-contract-after-hack/91049

Contracting News

Read More

Contracting Tips

Read More

GTPAC News

Read More

Georgia Tech News

Read More