SAM Security Breach

The General Services Administration (GSA) recently identified a security problem in SAM (System for Award Management).   People registered as users with administrator rights and delegated entity registration rights were able to see any entity’s registration information – not just their own.

GSA immediately implemented a software patch to fix the problem.  The data that other users could have potentially seen included names, taxpayer IDs, marketing partner information and bank account information.  Basically, your SAM information could potentially be seen by other SAM users.

If your property registered using the owner’s social security number instead of a tax ID, the owner may be at greater risk for potential identity theft.  All such owners will get a separate email regarding credit monitoring resources available at no charge.  You may want to alert your owner about this issue.

The GSA recommends that you monitor your bank accounts and notify your bank immediately if you find any discrepancies.

There are steps that SAM users can take to protect against identity theft and financial loss.  Visit the GSA System for Award Management Security Vulnerability FAQ Website for more information, or if you have questions, call 1-800-FED-INFO (1-800-333-4636), from 8 a.m. to 8 p.m. (Eastern Time), Monday-Friday.

The GSA apologizes for any inconvenience.