jump to navigation

“Do as I say, Not as I do”…General Services Administration (GSA) Exposes Personal Data March 16, 2013

Posted by Chris Mark in Uncategorized.
Tags: , , , , , ,
add a comment

Brian Miller, Martha Johnson, Jeff Neely, Michael Robertson, David FoleyThe infamous GSA, who in 2012, was identified for gross fraud, waste, and abuse, sent an email today disclosing to me, and every other company that has participated in Government contracting that the System for Award Management (SAM) system had a vulnerability that exposed sensitive data.  Here is a copy of the email I recieved today: (bold is my emphasis)..Before I go into more detail, I would personally like to thank the GSA for exposing my bank account data and SS# through their blind incompetence.  At least they “apologized” in their email.

Dear SAM user

The General Services Administration (GSA) recently has identified a security vulnerability in the System for Award Management (SAM), which is part of the cross-government Integrated Award Environment (IAE) managed by GSA.  Registered SAM users with entity administrator rights and delegated entity registration rights had the ability to view any entity’s registration information, including both public and non-public data at all sensitivity levels.

Immediately after the vulnerability was identified, GSA implemented a software patch to close this exposure.  As a precaution, GSA is taking proactive steps to protect and inform SAM users.

The data contained identifying information including names, taxpayer identification numbers (TINs), marketing partner information numbers and bank account information. As a result, information identifiable with your entity registered in SAM was potentially viewable to others.

Registrants using their social security numbers instead of a TIN for purposes of doing business with the federal government may be at greater risk for potential identity theft. These registrants will receive a separate email communication regarding credit monitoring resources available to them at no charge.

In the meantime, we wanted you to be aware of certain steps that all SAM users may want to take to protect against identity theft and financial loss. Specific information is available at www.gsa.gov/samsecurity.  If you would like additional background or have questions, you may call 1-800-FED-INFO (1-800-333-4636), from 8 a.m. to 8 p.m. (ET), Monday-Friday starting Monday, March 18. We recommend that you monitor your bank accounts and notify your financial institution immediately if you find any discrepancies.

We apologize for any inconvenience or concern this situation may cause. We believe it is important for you to be fully informed of any potential risk resulting from this situation. The security of your information is a critical priority to this agency and we are working to ensure the system remains secure. We will keep you apprised of any further developments.”

Interestingly, the FAQ posted on their website does not indicate how long the data was exposed.  Since SAM went into effect over a year ago, I am guessing that the vulnerability  had been in place for at least a year. 

Maybe, just maybe, instead of sending GSA employees to ‘cooking class’, and funding parties in Hawaii, the Federal Government should focus on protecting the data to which it is entrusted.  The Federal Government recently passed a CyberSecurity directive…again, maybe they should focus on cleaning their own house.

“SDVOSB” – Mark Consulting Group Registers as Service Disabled Veteran Owned Small Busines August 3, 2012

Posted by Chris Mark in News.
Tags: , , , , , , , ,
add a comment

I have finally completed the Department of Veterans Affairs and the SAM (formerly CCR etc.) registration process to have Mark Consulting Group certified as a Service Disabled Veteran Owned Small Business (SDVOSB).  Hopefully, the VA will complete verification within a few days.  If you are in need of information services please consider The Mark Consulting Group.

According to the United States Code of Federal Regulations, a Service Disabled Veteran Owned Small Business (SDVOSB) is formally defined thus:“A service-disabled veteran-owned small business concern is a business not less than 51 percent of which is owned by one or more service-disabled veterans, or in the case of any publicly owned business, not less than 51 percent of the stock of which is owned by one or more service-disabled veterans; the management and daily business operations of which are controlled by one or more service-disabled veterans, or in the case of a veteran with a permanent and severe disability, a spouse or permanent caregiver of such veteran. In addition, some businesses may be owned and operated by an eligible surviving spouse. Reservists or members of the National Guard disabled from a disease or injury incurred or aggravated in line of duty or while in training status also qualify.”

%d bloggers like this: