The System for Award Management (SAM) database has experienced numerous (and ongoing) issues in recent times, and it appears that there’s still more to plow through. If your entity is registered in SAM, then you may have received an erroneous email earlier this month stating the following (links, emails, and personal information have been removed):
From: donotreply@sam.gov
Subject: SAM.gov | Someone updated the entity registration for {{LBN}}
Message:
[Email Removed].jp updated the SAM.gov entity registration for {{LBN}}, Unique Entity ID {{LBN}}, in SAM.gov on [Date Removed].
You are receiving this email because you are an Entity Administrator for this entity in SAM.gov.
[Email Removed].jp identified themselves as not being an employee, officer, or board member of {{LBN}}, and listed contractual agreement dates with this entity of {{CREATED_DATE}} to {{EXPRIATION DATE}}.
[Email Removed].jp also listed {{POC}} as the authorized point of contact for {{LBN}}, Unique Entity ID {{UEI}}.
If you think this message has been received in error, please contact the Federal Service Desk [Link removed].
This email was sent from SAM.gov
[End of Email]
Is this spam? Was SAM.gov hacked? Was I hacked? Who is this “someone”?
The message is baffling to look at and appears to be one of those emails that you shouldn’t click on. This is especially confusing to receive at this time while numerous contractors are actively trying to renew their registrations and/or have recently had their registrations recently approved for another year.
Fortunately, the SAM.gov team has responded to the contractor community with an update in hopes to reassure the community that all is well for the time being while their investigation continues. It has been confirmed that the email itself originated from SAM.gov (not spam) due to a system error. No malicious intent was discovered, and SAM believes that no data was exposed.
Recent post found on GSA Interact:
“First, some Entity Administrators received an email message from SAM.gov stating that their entity registration had been updated. This message was sent because of a system error. The person whose email address appeared in the message did not send it and it was not sent by a third party or a hacker. Anyone who received this message can safely ignore it. No action is required.
The SAM.gov team is investigating what happened and working to ensure it doesn’t happen again. We have no evidence of any security breach and we believe that no data was exposed. Security is foundational to SAM.gov, and we are confident that the data is secure.”
The SAM.gov team went on to address the email noted within the erroneous email:
“SAM.gov does send emails to Entity Administrators when someone else updates their registration. These emails come from donotreply@sam.gov and they help entities that use an external service provider to know when their information changes. This provides an extra layer of security.”
In short, the SAM.gov team is suggesting that “anyone who received this message can safely ignore it. No action is required.” And we suggest the same. Individuals should approach any email that looks like this with caution and asking SAM or your IT about any suspicious emails is the right course of action.
SAM also had an outage earlier this week as well, but the SAM.gov team has confirmed that this issue is unrelated to the erroneous email and the site appears to be operational at the time of this writing.
While this email seems to have been addressed and resolved (investigation continues), there are still numerous contractors actively trying to have their registrations renewed for another year. Contractors are now required to submit documents that will be reviewed by SAM and validates the entity’s company legal name, the business start date, the company’s physical address, and even user IDs. Articles of Incorporation and your latest utility bills may be used to substantiate the entity name and address, while various government issued personal documents (SSN card, Driver’s License, etc.) may be used to validate the user.
These required validations and reviews are taking a considerable amount of time, and due to the increased intensity, we are suggesting the clients we serve that we attempt to renew the SAM Registration at least three months out from the date of expiration for the time being.
Our GSA contract experts have helped many successful GSA Schedule contract holders with SAM Registrations. If you have any questions about your SAM Registration or are interested in obtaining a GSA schedule, contact us today at hello@coleygsa.com, by phone at 210-402-6766 or schedule a call to get started on obtaining your GSA Schedule—a critical step on your road to success in the government market.
Julio is a Senior Consultant with Coley GCS, LLC, a Government Contracts Consulting, Coaching and Training company. Julio has over 10 years’ experience helping companies succeed with their GSA schedules.