Legal Meets Practical: Accessible Solutions
27 Mar 2018

Hackers Divert Government Payments to Contractors on SAM.gov

The SAM.gov federal website that registers thousands of federal contractors has been hit by an alleged fraud, General Services Administration (“GSA”) officials announced on March 22.

Since 2012, federal contractors have been required to register in the System for Award Management, or SAM.gov (formerly CCR/ORCA, which was phased out), and to provide detailed company information, including sensitive information such as bank account numbers. If you want to be paid by the federal government (or even the possibility of getting paid), you must provide this information and be registered and up to date in SAM.gov.

The suspected fraud involved payments from the government that were improperly diverted to third-party accounts. At this time, GSA believes “only a limited number” of companies have been affected, and they have been notified. Accordingly, if you have NOT received an email from Sam.gov that made you spit out your coffee, presumably your information is safe, although from the GSA’s statement it appears that more notifications of individual breaches may be coming.

The GSA, in its March 22 statement, urged contractors to review their bank information to determine if their account was affected. “Entities should contact their federal agency awarding official if they find that payments, which were due their entity from a federal agency, have been paid to a bank account other than the entity’s bank account,” GSA wrote. If an entity suspects a payment due them from a Federal agency was paid to a bank account other than their own, they should contact the Federal Service Desk at www.fsd.gov, or by telephone at 866-606-8220 (toll free) or 334-206-7828 (internationally), Monday through Friday from 8 a.m. to 8 p.m. (EDT). Accordingly, check your bank statement to make sure everything is as it should be. Now! Don’t assume the government properly identified you as safe from the breach, and properly omitted to send you a notice.

GSA confirmed that its Office of Inspector General is investigating the suspected fraudulent activity. The affected accounts have been deactivated and systems modifications are being made to prevent further fraudulent activity.

For new registrations, GSA is now requiring an original, signed notarized letter identifying the authorized Entity Administrator for the entity associated with the DUNS number before a new SAM.gov entity registration will be activated.

This is the worst breach of SAM.gov yet. Back in 2013, a glitch in the system enabled those using its search function to access sensitive information, but there were no reported incidents of resulting theft. While right now, the details are sketchy, soon there should be information relating to the number of contractors affected and the amount of funds diverted.

For more information, access the GSA statement here.

For updates and other information that affects federal government contractors, follow Sarah Schauerte’s legal blog at: https://legalmeetspractical.com.

Posted in Uncategorized | 1 Comment »

One Response to “Hackers Divert Government Payments to Contractors on SAM.gov”

  1. J.R. Handley
    10:59 am on May 2nd, 2018

    Another reminder that the internet is a wonderful tool, but you have to diligently guard your data or it’ll escape into the wild!

Mission Statement

My mission is to provide accessible, high-quality legal services to small business owners and to veterans. I will strive to clearly communicate, understand objectives, and formulate and execute effective legal solutions.

Disclaimer

No Attorney-Client Relationship

This website is maintained exclusively for informational purposes. It is not intended to provide legal or other professional advice and does not necessarily represent the opinions of the lawyer or her clients. Viewing this site, using information from it, or communicating with Sarah Schauerte through this site by email does not create an attorney-client relationship.

Non-Reliance

Online readers should not act nor decline to act, based on content from this site, without first consulting an attorney or other appropriate professional. Because the law changes frequently, this website's content may not indicate the current state of the law. Nothing on this site is meant to predict or guarantee future results. I am not liable for the use or interpretation of information contained on this website, and expressly disclaim all liability for any actions you take or fail to take, based on this website's content.

Links

I do not necessarily endorse and am not responsible for content accessed through this website's links to other Internet resources. Correctness and adequacy of information on those sites is not guaranteed, and unless otherwise stated, I am not associated with such linked sites.

Contacting Me

You may email me through the email address provided by this site, but information you send through email or this website is not secure and may not be confidential. Communications will not be treated as privileged unless I already represent you. Do not send confidential information until you have established a formal attorney-client relationship with me. Even if I represent you, please understand that email security is still uncertain and that you accept all risks of such uncertainty and potential lack of confidentiality when you send us unencrypted, sensitive, or confidential email. Email from me never constitutes an electronic signature, unless it expressly says so.