The container contained 9,402 records, most of which were resumes of candidates seeking offices at an international security firm and U.S. military contractor TigerSwan, though the database was managed and maintained by the third-party recruiting vendor, TalentPen.
The unsecured repository, an Amazon Web Services S3 data storage bucket, was found by Chris Vickery, the manager of cyber risk research at cyber resilience company UpGuard. The container was configured for public access, suggesting any person aware of the field could view the contents of the database including the resumes, which were discovered a subdomain named “tiger swan resumes.”
The thousands of openly available resumed held delicate personal information and very detailed records of service from defense and intelligence veterans. The forms often listed contact information including home addresses, phone numbers, and email addresses.
They also combined work history, which often revealed sensitive information such as driver’s license numbers, passport numbers, Social Security numbers and in unusual cases even security clearances. There were 295 candidates who claimed a “Top Secret/Sensitive Compartmented Information” clearance and one candidate with clearance above the top secret level.
Military officers were also shown in the sources of applicants. The contact data of a former U.S. ambassador to Indonesia and a past director of the CIA’s secret service were among those listed in resume references sections.
While many of the resumes came from U.S. military experts, the repository also included statements from Iraqi and Afghan nationals who cooperated with U.S. forces, contractors, and government agencies working in their home countries.
Disclosure of private details from foreign nationals who served with U.S. forces may put those people at risk within their own nations. Such was the case with translators and editors who were promised U.S. visas in trade for helping the U.S. military but did not hold them in a timely manner. Those vital donors to military operations lived in fear of reprisal from fighting forces in their home countries.
Take your time to comment on this article.
Latest posts by Harikrishna Mekala (see all)
- A Serious Security Flaw Found in LibSSH - October 19, 2018
- Flaws in Branch.io Affected Over 685 Million Users - October 17, 2018
- Microsoft Store Has Been Hosting an Ad Clicker Disguised as a Google Photos App - October 16, 2018