SAM.gov may have leaked contractors’ sensitive info
Federal contractors using the government’s SAM.gov online procurement database may have exposed their sensitive personal information to other users because of a security vulnerability in the system, officials disclosed.
The General Services Administration notified users of the System for Award Management (SAM) on March 15 that their personal information--including Social Security numbers and bank account information--may have been accessed by other users.
The vulnerability was discovered on March 8 and patched on March 10, GSA said in a statement on its Integrated Acquisition Environment website.
“Users with entity administrator rights were allowed to view any entity’s registration information, including both public and non-public data at all sensitivity levels,” Amanda Fredriksen, acting assistant commissioner for the acquisition environment, wrote in an email to users on March 15.
The system is used by thousands of federal contractors weekly. It is the primary system for registering vendors who seek to sell to federal agencies.
Users would have had to follow “a unique series of steps” to access other users’ information, according to GSA’s statement. Users could not edit other users’ data.
Contractors most at risk were those who included their Social Security numbers as identifiers, which were vulnerable to exposure, GSA said. Those users are potentially at greater risk of identity theft and have received separate communications about credit monitoring.
Other potentially exposed sensitive data included names, taxpayer identification numbers, marketing partner information numbers and bank account information.
To further evaluate the vulnerability and its impact, GSA said it is undertaking a “full review of the system and investigating any potential additional impacts, to registrants in SAM.” Portions of SAM.gov operation were suspended temporarily on March 18 and 19, notes on the website stated.
Asked how a SAM.gov user would know if his or her data was exposed, GSA recommended monitoring bank statements for discrepancies.
More information: GSA statement: http://goo.gl/OZvUM
Fredriksen email: http://www.setasidealert.com