A recent glitch in an online database has put sensitive information belonging to US government contractors at risk of exposure to other employees. According to an online post on the website for the US General Services Administration (GSA), a recently discovered (and patched) security vulnerability in the System for Award Management database (SAM) could have inadvertently allowed members of the database to view others' information.
"Immediately after the vulnerability was identified, GSA implemented a software patch to close this exposure. GSA is undertaking a full review of the system and investigating any potential additional impacts to registrants in SAM," reads a post on the GSA site.
"The security of this information is a top priority for this agency and we will continue to ensure the system remains secure."
The GSA intends to offer free credit monitoring services for those who used a social security number instead of a taxpayer identification number to identify themselves within the database, as a result of the larger risk for potential identity theft. Additional information that could have been viewed by other SAM members includes users' bank account numbers, marketing partner information numbers, and contact information.
If there's any silver lining to the vulnerability, it's that the GSA doesn't believe that users' secure information was accessed by those who shouldn't have.
"To date, GSA has no evidence that registrant's data was improperly used, changed or lost. However, GSA is undertaking a full review of the system and investigating any potential additional impacts to registrants in SAM," reads the site's FAQ.
It's unclear just how long said site vulnerability was actually live – although the GSA did work quickly to slam the door shut. After the security hole was brought to the GSA's attention on March 8, it took the organisation just two days to come up with a patch to fix the issue.
As for the number of users that might have been affected, Nextgov reports that approximately 600,000 companies currently have access to (and their information in) the SAM database.
The GSA suggests that users monitor their banking and financial information to ensure that any unexpected issues can be quickly caught, in case anything does stem from the vulnerability. Aside from that, and the GSA's security review, there's little other information at this time as to other next steps contractors can take to ensure the integrity of their private data.