The General Services Administration reports that there is “an active investigation into alleged third-party fraudulent activity” within the System for Award Management (SAM).
SAM is essentially the vendor database of the federal government. GSA is in the process of integrating a total of ten databases within SAM.
The alleged breach was identified by GSA’s Office of Inspector General (OIG). GSA is concerned that vendor’s financial information and points of contact could be exposed.
GSA reports that entities whose financial information has changed within the last year are in the process of being notified and are being advised to validate their registration information, particularly their financial information. GSA’s notification process began on March 22, 2018.
An “entity” is any company, business, or organization who has registered within SAM as a federal contractor or would-be federal contractor.
In the announcement of the breach, GSA advises that “entities should contact their Federal agency awarding official if they find that payments, which were due their entity from a Federal agency, have been paid to a bank account other than the entity’s bank account.” SAM contains bank routing information on each entity.
New SAM registration procedures are now in effect, presumably temporarily. An original, signed notarized letter identifying the authorized Entity Administrator for the entity associated with the DUNS number must be submitted before a new SAM entity registration will be activated.
Update: GSA has produced a template for the notarized letter. It is available at: SAM_Notary_Letter_Template_4.12.18_GSA_version
Information on GSA’s work-around SAM registration process is detailed on the Federal Service Desk’s web site at: https://www.fsd.gov/fsd-gov/answer.do?sysparm_kbid=d2e67885db0d5f00b3257d321f96194b&sysparm_search=sam