More info on possible SAM Hack from our colleagues and fellow professors at NJIT:
On March 22, 2018, the General Services Administration (GSA), the federal agency that oversees SAM’s operation, reported an “active investigation” is being conducted into alleged, third party fraudulent activity involving SAM. GSA says it is in the process of notifying those that may have been impacted and has indicated that it will deactivate “any entity registrations that appeared to have been affected.” GSA further stated that the deactivated “entities are being advised to validate their registration information in SAM, particularly their financial information and points of contact.”
GSA’s recent statements may have implications for all businesses, institutions, and individuals registered in SAM. The New Jersey Institute of Technology’s Procurement Technical Assistance Center (NJIT PTAC) is providing the following advice to all clients.
What To Do If You Are Already Registered in SAM
We recommend that if your business is registered in SAM, you take the following actions:
1. With your User Name and Password, log into your SAM account at https://www.sam.gov and navigate to the Financial Information page. There, you will find your Electronic Funds Transfer (EFT) information. This is where you inserted your bank Routing Number and your bank Account Number as a part of the SAM registration process. Check these numbers to make sure they are correct and have not been changed. If you discover banking information other than your own, it is possible that federal contract payments have been or will be made to a bank other than yours. If these numbers have been changed, this is evidence that your account has been compromised, and you should report this immediately to the Federal Service Desk at www.fsd.gov, or by telephone at 866-606-8220 (toll free) or 334-206-7828 (internationally). Be sure to maintain your user name and password in a safe place.
2. While you are logged-in to SAM, you also should check your Taxpayer Identification Number (TIN). Your TIN is a 9-digit Employer Identification Number (EIN) that SAM uses to uniquely identify your business, and it is validated by the Internal Revenue Service (IRS) as a part of your initial registration in SAM. If you discover that your TIN/EIN has been changed, you should report this immediately to the Federal Service Desk at www.fsd.gov, or by telephone at 866-606-8220 (toll free) or 334-206-7828 (internationally).
3. Important note: If you used your Social Security Number (SSN) as your EIN when you set up your account, now is a good time to obtain an EIN and insert it into SAM instead of your SSN. You can apply for and obtain an EIN on-line at: https://www.irs.gov/businesses/small-businesses-self-employed/apply-for-an-employer-identification-number-ein-online.
4. Remember, as a SAM registrant, you are required to change your password every 180 days. In addition, you must update and renew your SAM registration annually. You are responsible for ensuring that your information is current and correct in SAM at all times.