Software Glitch Exposed Federal Contractors' Financial Data
BY Erik Sherman
If you've registered lately to do work for the federal government, check your bank accounts: A software bug may have put you at risk.
As any entrepreneur who's done it knows, there's a lot of work to be had via federal contracts. If you get a foot in the door, it can turn into a great base of business. But if you have signed up as a potential contractor recently, take note: A glitch in the General Services Administration's main software application may have exposed your sensitive financial information earlier this month.
The GSA reported that a software problem found in early March allowed some users of the System for Award Management (SAM), a main software application for contractors, to see others' public or private data. The exposed information included tax payer IDs as well as bank account numbers for direct deposit of payments when they came due.
About 183,000 individuals who were listed on the SAM system used their Social Security numbers as a tax ID. Companies would have listed an Employer Identification Number. The GSA has yet to release details of how many individuals might have used an EIN, but still provided bank details, nor how many companies were registered.
The danger for a sole practitioner is easy to see, A person who has your SSN, name, address, and other such information can impersonate you and then get credit and incur debt in your name. Bank information makes it relatively easy for someone to drain your account of money.
But even if you've registered with company information rather than personal, you can't breathe easily. Few people realize that identity thieves can use similar techniques to pretend they represent companies and then cause similar types of financial damage.
Individuals who registered as contractors and used their Social Security numbers as tax IDs are supposed to have received an email explaining the availability of credit monitoring services. Unfortunately, that alone is inadequate to avoid problems. Not all credit transactions are reported to the three major credit agencies and, by the time they are, damage may already be done. Those who are at risk should strongly consider filing a formal credit freeze, which can stop a criminal from completing a credit application in your name.
Unfortunately, the options that the GSA has offered companies come down to recommending "that you monitor your bank accounts and notify your financial institution immediately if you find any discrepancies."
As most banks have anti-fraud groups, it would be prudent to contact the appropriate one, explain the problem, and ask for their suggestions on how to effectively manage the issue.
You might also consider doing some research into identity theft and the steps you can take. Although I have no financial interest in this book, I was the editor for the Complete Idiot's Guide to Recovering from Identity Theft and would suggest that as a starting point. Identity theft, whether the victim is an individual or a company, can become a massive problem and take a long time to unravel.