14 DAY TRIAL // The US General Services Administration (GSA) reports that a serious security hole has been identified in the System of Award Management (SAM) database. The vulnerability could have been exploited to gain access to the registration information of certain users.
The security hole, which exposed personal and financial details, was identified on March 8 and was patched on March 10.
“Immediately after the vulnerability was identified, GSA implemented a software patch to close this exposure. At this time, GSA is undertaking a full review of the system and investigating any potential additional impacts, to registrants in SAM,” GSA wrote in a vulnerability FAQ.
It appears that the most vulnerable users are those who utilized their social security numbers (SSNs) as a Taxpayer Identification Number, and opted in to public search.
These users will be contacted separately and they will be provided with access to credit monitoring services.
Nextgov reports that around 600,000 users are registered to SAM.