Security vulnerability exposes confidential information of firms seeking government contracts

All federal vendors registered with the General Services Administration had their companies' confidential information exposed in a massive computer security screw-up, the agency said.

The GSA, the procurement arm through which government agencies buy products and services, is conducting a “full review” of its System for Award Management after the shocking security breach, federal officials told The latest issue with the IBM-administered system, which has been plagued with problems since it was implemented last year to integrate some eight different procurement systems, was reported to GSA officials on March 8. A software patch was implemented to close the exposure of both public and non-public data, including names, taxpayer identification numbers, marketing partner information numbers and bank account details.

“All registered SAM users were made aware of the situation,” GSA Deputy Press Secretary Jackeline Stewart told in an email. “At this time, GSA is undertaking a full review of the system and investigating any potential additional impacts to registrants in SAM. The security of this information is a top priority for this agency and we will continue to ensure the system remains secure.”


The most vulnerable users, according to GSA’s website, are those who utilize Social Security numbers as a taxpayer identification number and those whose “opted in” to public search capabilities.

More On This...

Access to view any records was strictly “role based,” Stewart said, adding that a registered user would have had to have been an authorized Entity Administrator or Entity Registration Representative to view the information.

“A casual browser from the outside would not be able to view any sensitive data,” Stewart’s email continued.

But the owner of a California engineering firm seeking government business told he remains on alert following the receipt of an email notifying him of the breach  on Saturday.

“Yeah, it was a concern and I guess still is,” the man said Tuesday, asking that his name be withheld due to fears of retribution from federal officials. “You never know when something gets hacked. But so far, nothing has happened.”

The biggest concern for the owner was exposure of his bank account information and the possibility of someone diverting funds from his account. The database likely contains “tens of thousands” of vendors, he said.

US Federal Contractor Registration, a third-party firm that helps small businesses navigate the rules and requirements for getting government business, was inundated by worried contractors, according to spokesman Eric Knellinger.

"Our phones are ringing off the hook and our staff are working extra hours to handle frustrated contractors," Knellinger said. "We will do whatever it takes to help contractors understand the registration process and take the fears away from concerned contractors.”

GSA officials made headlines last year when it was uncovered that a top-ranking department official fraudulently overbilled taxpayers for a personal hotel stay at a Las Vegas resort in 2010. The government agency, which owns and oversees thousands of federal real estate properties, was widely criticized for wasting more than $822,000 in funds on a lavish conference for 300 federal workers that included penthouse suites, a psychic, a clown, a bicycle training exercise, and lavish catering.

More recently, congressional auditors reported earlier this month that millions of square feet of wasted space in federal courthouses opened since 2000 is costing U.S. taxpayers upwards of $51 million per year. The 33 courthouses, including the Ferguson Courthouse in Miami, were overbuilt by more than 3.5 million square feet at an initial construction cost of $835 million, according to the study by the Government Accountability Office.

U.S. Rep. John Mica, a Florida Republican who chairs the House subcommittee, said the hearing was aimed at shining a light on "this waste and unacceptable inaction." Mica placed much of the blame on the GSA, which owns and oversees the Miami courthouse that opened in 1933.

The Associated Press contributed to this report.