Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
sensitive personal Details of more than 450 people holding “top secret” US government security clearances have been exposed online, new research shows Wired. People’s details were included in a database of more than 7,000 people who have applied for jobs with Democrats over the past two years. United States House of Representatives.
While scanning for unsecured databases at the end of September, an ethical security researcher stumbled upon an exposed cache of data and discovered that it was part of a site Domwatch. The service is run by House Democrats and includes video streams of House floor sessions, a calendar of congressional events and updates on House votes. It also has a job board and resume bank.
After the researcher tried to notify the House of Representatives Office of the Chief Administrator on September 30, the database was secured within hours and the researcher received a response that simply said, “Thanks for flagging.” It’s unclear how long the information was exposed or whether anyone else accessed the information while it was insecure.
Independent researcher, who remains anonymous The sensitive nature of the resultscompared the open database with an internal “index” of people who had applied for open roles Resumes aren’t included, they say, but the database contains general details of a job application process. Researchers found brief written biographies of applicants, including details such as names, phone numbers and email addresses, and data indicating military service, security clearances and languages spoken. Each person was also assigned an internal ID.
“Some of the people described in the data have spent 20 years on Capitol Hill,” the researcher told Wired, adding that the data went beyond lists of interns or junior staffers. That’s what makes the finding so worrisome, researchers say, because they fear that if the data falls into the wrong hands — perhaps a hostile state or malicious hackers — it could be used to compromise government or military personnel who have access to potentially sensitive information. “From a foreign adversary’s perspective, this is a gold mine you want to target,” the security researcher said.
WIRED has reached out to the offices of the top administrator and House Democrats for comment. Some staff members contacted by WIRED were unavailable because they were furloughed as a result of the ongoing U.S. government shutdown.
Joy Lee, spokeswoman for House Democratic Whip Catherine Clarke, told WIRED in an Oct. 22 statement, “Today, our office was notified that an outside vendor potentially exposed information stored on an internal site. DomeWatch is under the purview of Clarke’s office. “We immediately alerted the Office of the Chief Administrative Officer, and a full investigation has been launched to identify and correct security vulnerabilities.” Lee added that the outside vendor is “An independent consultant who helps with the backend of DomWatch”.
