If you haven’t been notified already, a security breach has been detected in SAM. The details are included in the points below. GSA hasn’t found evidence that this security vulnerability was exploited prior to discovery. GSA anticipates limited access to the SAM.GOV site possibly by March 25, 2013.
*** Recently, U.S. GSA officials identified a security vulnerability in the System for Award Management (SAM), which could allow some existing users in the system to view certain registration information of other users. The System for Award Management is a federal government-wide procurement system that acts as a data source for vendor, contract award and reporting information.
*** Immediately after the vulnerability was identified, GSA implemented a software patch to close this exposure. GSA is undertaking a full review of the system and investigating any potential additional impacts to registrants in SAM. The security breach happened over two days.
*** The security of this information is a top priority for GSA as well as SBA and we will continue to ensure the system remains secure.
*** It is unclear how many businesses were affected, but as a precaution, GSA is offering the users at higher risk, access to credit monitoring services. The most vulnerable users are those that use a Social Security Numbers as a Taxpayer Identification Number and that “opted in” to public search.
*** All registered SAM users were made aware of the situation, but no foreseeable potential harm was identified from the vulnerability. No one’s data could be edited.
*** At this time, GSA is undertaking a full review of the system and investigating any potential additional impacts to registrants in SAM. GSA promises to keep SBA officials up to date on their review process and we will share information as we get it.
*** SBA officials are in close contact with GSA staff to determine next steps and we will keep you updated on any new developments.
*** For more information, please visit the site below, or Fed Info hotline at 1-800-FED-INFO for immediate support