GUDID data deficiency communication - IS THIS A SCAM?

markg123

Registered
Hello all -

Recently received an very plain looking email (no branding) from GS1 (maybe?) regarding GUDID device records. In essence, it said they reviewed data submitted to GUDID and identified several device identifier (DI) records that were incorrect. The issue they gave was a mismatch between GS1 Global Company Prefix (GCP) company name and GUDID company name. They gave an email to respond to: [email protected].

Is this legit? Has anybody else received a "data deficiency communication" from GS1 or otherwise had their data submissions to GUDID reviewed? Trying to determine if this is some sort of scam.
 

Beth1212

Inactive Registered Visitor
Hello all -

Recently received an very plain looking email (no branding) from GS1 (maybe?) regarding GUDID device records. In essence, it said they reviewed data submitted to GUDID and identified several device identifier (DI) records that were incorrect. The issue they gave was a mismatch between GS1 Global Company Prefix (GCP) company name and GUDID company name. They gave an email to respond to: [email protected].

Is this legit? Has anybody else received a "data deficiency communication" from GS1 or otherwise had their data submissions to GUDID reviewed? Trying to determine if this is some sort of scam.


Mark,
I can assure you that this is legitimate. GS1 is an accredited Issuing Agency of the US FDA UDI System and reviews GUDID for records submitted using GS1 as the Issuing Agency to create UDIs. If we find records that are not correct with regards to the GTIN assigned we notify those companies as required of us by the US FDA. Please feel free to respond to the email address in the notice for assistance.
 

Ronen E

Problem Solver
Moderator
Mark,
I can assure you that this is legitimate. GS1 is an accredited Issuing Agency of the US FDA UDI System and reviews GUDID for records submitted using GS1 as the Issuing Agency to create UDIs. If we find records that are not correct with regards to the GTIN assigned we notify those companies as required of us by the US FDA. Please feel free to respond to the email address in the notice for assistance.
"We"? "Us"? Are you from GS1? How can anyone tell?...
No offence, but this feels like a scam follow-up more than reassurance. I wouldn't click on anything or respond directly to a suspicious email. Instead, I'd contact the relevant body independently (call them or send a message through the official website which I'd find through a search engine).
 

Watchcat

Trusted Information Resource
Beth1212, that doesn't mean the email itself was legit. Spoof emails typically mimic the legitimate activity of the sender they are spoofing.
 

Marc

Fully vaccinated are you?
Leader
It appears that gs1us. org is a commercial company owned by GS1 US, Inc.
This is from their website:
*For information about the rule, see the U.S. FDA Unique Device Identification System

Disclaimer: GS1 US is the local GS1 Member Organization that supports implementation of the GS1 System in the United States. GS1 US employees are not representatives or agents of the U.S. FDA, and the content herein has not been reviewed, approved, or authorized by the U.S. FDA.

GS1 is a U.S. FDA-Accredited Issuing Agency for UDI, and GS1 Standards are authorized for use in implementing the requirements of the U.S. FDA UDI Rule.

In this publication, the letters “U.P.C.” are used solely as an abbreviation for the “Universal Product Code”, which is a product identification system. They do not refer to the UPC, which is a federally registered certification mark of the International Association of Plumbing and Mechanical Officials (IAPMO) to certify compliance with a Uniform Plumbing Code as authorized by IAPMO.

As a neutral and not-for-profit membership-based organization, we are guided and governed by our users. In this unique role, GS1 US actively brings together the business community under our leadership to identify issues impacting their business or industry and build consensus around best practices using standards-based solutions.
We also work with individual organizations to help implement company-level solutions that use global standards to make supply chain business processes better.

Emails from US government agencies typically have a .gov email address. For example:
Code:
https://www.federalregister.gov/

I would say it's likely you are on a "spam" type of email list.
 
Last edited:
look at "view source" to see the email headers and info, spoofed addresses may be seen there, as well is the "originating IP address". They are getting very sophisticated, but I agree, go directly to the supposed source, not through any info in the email, unless you wish to invite a ransomware attack.
 

Beth1212

Inactive Registered Visitor
"We"? "Us"? Are you from GS1? How can anyone tell?...
No offence, but this feels like a scam follow-up more than reassurance. I wouldn't click on anything or respond directly to a suspicious email. Instead, I'd contact the relevant body independently (call them or send a message through the official website which I'd find through a search engine).

I am from GS1 US and you are welcome to visit our website (Google "GS1US" since this blog site will not allow me to post a live link) or the US FDA UDI website (Google "FDA UDI" since this blog site will not allow me to post a live link). GS1 (and its global affiliates like GS1 US) is a not-for profit standards organization that is one of 3 accredited issuing agencies of the US FDA UDI Rule.
I am sorry the communication came across in a questionable format. It was properly formatted and sent from our Customer Relationship Management system for tracking purposes. I will report back to our IT Team that the formatting may be getting lost in some instances.
In the meantime markg123 you are welcome to reach out to me directly at [email protected] if you are more comfortable doing that. The objective of the communication was to notify your organization that there are incorrectly formatted GS1 Global Trade Item Numbers (GTINs) in GUDID. These entries are in need of correction to avoid a warning letter from the US FDA.
 

Watchcat

Trusted Information Resource
Beth1212, I realize you are "just tryin' to help," but you aren't.

I suggest you tell IT that the problem is that GS1 US seems to be lacking in expertise it comes to matters of cybersecurity, not that its formatting may be getting lost. This isn't a marketing email. (Or is it?)

Apparently cybersecurity is yet another area in which CDRH might not be walking its talk lately. And with UDI, of all things.
 
Top Bottom