GSA: Odd email about changes to SAM registration info was a glitch, not a hack

Federal contractors and grant recipients got a scare Wednesday morning after waking up to a strange email claiming to have changed critical information about their government registration. The fright was further compounded by an unscheduled website outage preventing users from checking to ensure their information was correct.

According to the General Services Administration, the email was caused by a system bug and the outage was unrelated.

Users who manage their organization’s SAM.gov account reported getting an email shortly after 12 a.m. Wednesday stating that a user going by kamiya@n-messcud.jp changed information on their SAM registration—the reference number used to identify all organizations doing business with the government, including contracts and grants.

Concerned users jumped on scam chat boards and Reddit wondering if the system had been hacked. The scare was exacerbated by SAM.gov going down Wednesday morning, though many reported that they were able to log in by 11 a.m. and none of their information had been changed.

GSA later tweeted that the email was sent as part of a system error and not a hack.

“This does NOT appear to be a scam, phishing, hack, malicious behavior or security breach,” the agency said in a tweet. “Entity Administrators should ignore these emails generated by SAM.gov in error. Investigations continue but we believe this was related to a software issue.”

A GSA spokesperson told Nextgov an internal review was ongoing but that the email glitch and website downtime appeared to be unrelated issues.