The General Services Administration’s inspector general is investigating fraudulent activity on its contractor and grantee registration website after someone allegedly redirected federal payments to bank accounts not tied to the appropriate contractors.
GSA officials acknowledged the activity on its System for Award Management website, or SAM.gov, in a March 22 update on its site, saying that “only a limited number of entities” have been impacted by the activity.
“GSA’s SAM team is supporting GSA’s OIG in an active investigation into alleged third-party fraudulent activity related to SAM,” the notice said. “GSA has taken a number of proactive steps to address this issue and is in the process of making system modifications to prevent improper activity going forward.”
Government contractors, grant seekers and grantees have been required to register on the site since 2012, providing information like the data universal numbering system — or DUNS — number, Taxpayer Identification Number, bank account numbers and bank routing numbers for electronic payments.
Agency officials advised SAM entities to log into the site and check their financial information, including whether anticipated payments from federal agencies had been paid to bank accounts they didn’t register.
A GSA spokesperson told FedScoop that no technical or data breach of the SAM.gov site had occurred, but said the fraud was still under investigation.
“These contractors receive hundreds of billions of dollars of taxpayer money each year,” Christoph Mlinarchik, a government contracts expert and owner of consulting firm ChristophLLC.com, said in an email. “If somebody can get into this database, which includes the largest defense contractors, what other sensitive information is vulnerable?”
In the meantime, GSA has deactivated the entity registrations that appear to be affected and is requiring a notarized letter identifying the authorized entity administrators associated with the contractor’s DUNS number for any new SAM.gov registrations.
“GSA continues to support the Office of Inspector General’s ongoing investigation into third-party fraudulent activity in the System for Award Management,” a GSA spokesperson said in an email to FedScoop.
“GSA has already taken proactive steps to address this issue and has notified affected entities. We have published additional information regarding the ongoing investigation on GSA.gov and SAM.gov and will continue to work with the Office of Inspector General and law enforcement agencies to take additional appropriate action.”
But without knowing how the fraud was introduced, Mlinarchik said those steps offer contractors little comfort.
“It’s a band-aid on a gunshot wound. GSA can say they’re doing something while they figure out how to actually prevent this in the future,” he said.
GSA IG officials were not immediately available for comment.