Hackers steal funds from federal grantee organizations

By Willgregg. Published in ValidEntry, Apr 16, 2024.

A group of hackers infiltrated government grant systems by pretending to be award recipients. Using SAM.gov, the US federal government's system that manages contract award data and public information of real employees at grant recipient organizations, the hackers changed the awardees' bank account information. The breach occurred in March 2023 and cost the government at least $7.5 million in stolen funds. The attack has caused the Department of Health and Human Services to require identity proof verification on any Payment Management System. It has now been revealed that the original sign-on tool, Login.gov, did not meet the defined security standard, known as IAL2, set by the National Institute of Standards and Technology, which is meant to ensure that a user is who they say they are. Login.gov was not up to security standards, other government agencies that were aware of this issue refused to use it, and there was an overall lack of transparency; together, these facts show that the GSA misled other agencies about its compliance with the standard.

In the times we live in, it is vitally important to make sure that your business remains up to date on the current standards and regulations for information security, especially for businesses in the technology and financial sectors. As digital assets are increasingly adopted by the mainstream, additional legislation is being introduced. As new compliance regulations, like MiCA in the EU, continue to be adopted and required, staying in compliance with these standards is very important. Simply having adequate levels of Know Your Customer (KYC) technology in place can save your business from the risk of cyber-attack and government intervention.

For more information on MiCA, legislation, and security breaches related to digital assets, follow ValidEntry on our social media pages. Reach out to our team if we can answer any questions on ways to stay compliant with changing regulations.

HHS removed Login from its grantee payment system after funding theft — Nextgov/FCW
