Researchers from cybersecurity company UpGuard have discovered thousands of files containing personal data on former US military, intelligence, and government workers have allegedly been exposed online for months.
The data breach has been initially attributed to Security Firm Tigerswan, but the company confirmed that it outsourced the selection of applicants to the recruitment firm TalentPen vendor hired to process new job applicants. The data addresses, phone numbers, and private email accounts.
According to Gizmodo.com, some 9,400 sensitive files were accessible to anyone on a misconfigured Amazon cloud server in a folder called “resumes.”
Some of the profiles exposed have classified or Top Secret security clearances, they applied for work at the notorious security firm TigerSwan.
The exposed documents included CVs of thousands of US citizens, many of them might have worked with the US military and US intelligence agencies (i.e. Central Intelligence Agency, the National Security Agency, US Secret Service).
“The UpGuard Cyber Risk Team can now disclose that a publicly accessible cloud-based data repository of resumes and applications for employment submitted for positions with TigerSwan, a North Carolina-based private security firm, were exposed to the public internet, revealing the sensitive personal details of thousands of job applicants, including hundreds claiming “Top Secret” US government security clearances.” states a blog post published by UpGuard. “TigerSwan has recently told UpGuard that the resumes were left unsecured by a recruiting vendor that TigerSwan terminated in February 2017. If that vendor was responsible for storing the resumes on an unsecured cloud repository, the incident again underscores the importance of qualifying the security practices of vendors who are handling sensitive information.”
The impact of the data leak could be severe, some applicants were involved in highly-classified US military operations.
According to the firm UpGuard, at least one of the applicants claimed he was charged with the transportation of nuclear activation codes and weapons components.
“One applicant referenced his employment as a “warden advisor” at the infamous Abu Ghraib black site near Baghdad, where prisoners are known to have been tortured. The applicant described his job as “establishing safe and secure correctional facilities for the humane care, custody, and treatment of persons incarcerated in the Iraqi corrections system.” reported Gizmodo.com
“Another applicant reportedly stated that he was involved in “enhancing evidence” against Iraqi insurgents during the war. Others, who provided their home addresses, as well as personal email accounts and phone numbers, were employed and may be currently employed by US spy agencies for work on Top Secret surveillance and intelligence-gathering operations.”for work on Top Secret surveillance and intelligence-gathering operations.”