Security vulnerability exposes confidential information of firms seeking government contracts


Joshua Rhett Miller

All federal vendors registered with the General Services Administration had their companies' confidential information exposed in a massive computer security screw-up, the agency said.

The GSA, the procurement arm through which government agencies buy products and services, is conducting a "full review" of its System for Award Management after the shocking security breach, federal officials told The latest issue with the IBM-administered system, which has been plagued with problems since it was implemented last year to integrate some eight different procurement systems, was reported to GSA officials on March 8. A software patch was implemented to close the exposure of both public and non-public data, including names, taxpayer identification numbers, marketing partner information numbers and bank account details.

"All registered SAM users were made aware of the situation," GSA Deputy Press Secretary Jackeline Stewart told in an email. "At this time, GSA is undertaking a full review of the system and investigating any potential additional impacts to registrants in SAM. The security of this information is a top priority for this agency and we will continue to ensure the system remains secure."

The most vulnerable users, according to GSA's website, are those who utilize Social Security numbers as a taxpayer identification number and those whose "opted in" to public search capabilities.

main page ATTRITION feedback