Shows & Panels
Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- American Readiness: Renewable Power and Efficiency Technologies
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal News Radio's National Cyber Security Awareness Month Special Panel Discussion
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- Government Perspectives on Mobility and the Cloud
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mitigating Insider Threats in Virtual & Cloud Environments
- Modern Mission Critical Series
- The New Generation of Database
- Reimagining the Next Generation of Government
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
Cyber vulnerability in GSA's SAM portal exposes vendors' data
Friday - 3/15/2013, 6:13pm EDT
The General Services Administration's System for Award Management potentially exposed users' information, including some Social Security numbers and bank-account information, to the public because of a cybersecurity vulnerability.
In an email to SAM users obtained by Federal News Radio, GSA's Amanda Fredriksen, the acting assistant commissioner for the Integrated Award Environment, told vendors the agency applied a software patch as soon as GSA discovered the problem. The agency stated on its Integrated Acquisition Environment (IAE) website that the vulnerability was reported on March 8 and fixed on March 10.
"The data contained identifying information including names, taxpayer identification numbers (TINs), marketing partner information numbers and bank account information. As a result, information identifiable with your entity registered in SAM was potentially viewable to others," Fredriksen wrote. "Registrants using their social security numbers instead of a TIN for purposes of doing business with the federal government may be at greater risk for potential identity theft. These registrants will receive a separate email communication regarding credit monitoring resources available to them at no charge."
GSA spokeswoman Jackeline Stewart said in an email to Federal News Radio, "GSA is undertaking a full review of the system and investigating any potential additional impacts to registrants in SAM. The security of this information is a top priority for this agency and we will continue to ensure the system remains secure."
On the IAE website, GSA stated, "To date, GSA has no evidence that registrants' data was improperly used, changed or lost. Information was not editable by any users other than the authorized administrator for the entity."
This becomes yet another hiccup for SAM. GSA has been trying to consolidate eight procurement systems — including the Central Contractor Registration, the Past Performance Information Retrieval System and six others — for the past three years.
GSA and its contractor, IBM, planned to take SAM live early last summer, but had to delay full production by two months after problems surfaced. Even after the launch, SAM struggled, causing GSA to issue IBM a letter of concern about SAM's performance.
GSA moved the oversight and implementation of SAM to the Federal Acquisition Service from the Office of Governmentwide Policy in October and increased the resources going to it.
SAM has improved over the last few months though some vendors still have problems using it.
Now, this potential data breach is another challenge for the system.
"We apologize for any inconvenience or concern this situation may cause. We believe it is important for you to be fully informed of any potential risk resulting from this situation," Fredriksen wrote. "The security of your information is a critical priority to this agency and we are working to ensure the system remains secure. We will keep you apprised of any further developments."