We are passing along some important news about the General Services Administration (GSA) and its System for Award Management (SAM), the place where all grant applicants must be registered to apply for and receive federal funding. Apparently, someone has redirected federal payments away from legitimate recipients by going into the system and changing the victims' bank account information to their own. Although the GSA has not disclosed how many accounts were involved, they do state that only a small number of them have been affected. According to Federal News Radio, this is the third time there have been security issues involving SAM. The first happened in 2013 when a cybersecurity vulnerability accidentally exposed some registrants social security and bank account numbers. Then, in 2016 the Justice Department revealed that Dwayne C. Hans was charged with fraud including hacking into SAM.gov. Hans allegedly diverted $1.5 million from the Pension Benefit Guarantee Corporation into his own accounts.
How is the GSA Correcting the Situation?
According to the GSA they are taking the following steps to protect users:
- On March 22, they began notifying those that may have been involved, which is anyone whose financial information changed within the last year. They have expired, then deactivated registrations that appear to have been affected.
- A signed, notarized letter stating the registrant is the Entity Administrator will be required for all new registrations. (This includes both those who may have had their accounts compromised and must re-register and as well as brand new applicants.)
- The GSA has advised its users that it is making system modifications to prevent this from happening in the future.
- Federal News Radio also states that a "Tiger Team" has been formed to help the GSA with this incident, which includes plans to involve Dun & Bradstreet, the entity verification service.
Action Steps Everyone Should Take
- If you are registered with SAM it is important to check your financial information to make sure everything is correct in their system. Also check payment history in your own records to verify that all payments went into the appropriate accounts.
- Since some accounts have be deactivated, make sure you are properly registered to avoid missing out on applying for upcoming grants.
- If you detect suspicious activity, or have any other questions, contact the Federal Service Desk at www.fsd.gov, or by telephone at 866-606-8220 (toll free) or 334-206-7828 (internationally), Monday through Friday from 8 a.m. to 8 p.m. (EDT), for free assistance.
"SAM Update" from the GSA.
"GSA IG Investigating SAM.gov Fraud Site" from FedScoop.
"GSA’s Central Contractor Website Victimized by Fraud for Second Time" from Federal News Radio.