SAM.gov Cyber Security Breach Reported
Since the launch of the System for Award Management (SAM.gov) at the end of July 2012, the General Services Administration has received widespread complaints concerning the system. Users have criticized SAM.gov for its frequent system errors, inefficient functions, untimely registrations and, most recently, a breach in security. The system, which replaced the Central Contractor Registry (CCR) and the Online Representations and Certifications Application (ORCA), was created with the intention of making the registration process easier to track and maintain for both Federal contractors and agencies. Instead, the system has perpetuated feelings of frustration among not only its users, but also its creators.
Registering on SAM.gov is critical to Federal contractors, because they are unable to submit new offers or modifications to existing contracts without an active SAM registration. Users are aggravated not only by the long waiting periods they are forced to endure each time they call the helpdesk, but also by the delays of a week or two they experience when they submit even the simplest request to the IT department at SAM.gov. To make matters worse, once a registration is submitted to SAM.gov, it must undergo IRS and CAGE Code validation. This process can take up to two weeks before registrations are listed as “active” on SAM.gov. Because the intolerable delays from frequent system errors and inadequate support have hindered contractors from fulfilling their obligations to enlist and maintain a registration with SAM.gov, they have caused a serious predicament for the General Services Administration.
Furthermore, the recent security incident that was reported to GSA on March 8th and fixed by March 10th has spread feelings of dislike, and now distrust, among SAM.gov users. GSA announced that in the security incident, “registered SAM users with entity administrator rights and delegated entity registration rights had the ability to view any entity’s registration information, including both public and non-public data at all sensitivity levels.” As a corrective action, “GSA implemented a software patch to close this exposure” as soon as the “vulnerability was identified.” The sensitive registration information that was at risk included “taxpayer identification numbers (TINs), social security numbers, marketing partner information numbers and bank account information.” Thus, information provided in any registration “was potentially viewable to others.”
GSA reported that it has taken immediate action and has launched a full investigation to determine what additional security safeguards and protocols could be implemented moving forward. Although we do not know whose information was at risk, we advise users to take extra precautions at this time by monitoring bank accounts and notifying financial institutions of any discrepancies. Furthermore, users have the option to opt out of public search results on SAM.gov. To find more information on the recent security incident, click here.
About Kevin Lancaster
Kevin Lancaster leads Winvale’s corporate growth strategies in both the commercial and government markets. He develops and drives solutions to meet Winvale’s business goals while enabling an operating model to help staff identify and respond to emerging trends that affect both Winvale and the clients it serves. He is integrally involved in all aspects of managing the firm’s operations and workforce, leading efforts to improve productivity, profitability, and customer satisfaction.