Axar.az
UP
20 April 2018


9,400 High-Level US Security Clearance Workers

Home page Technology
12 Punto 14 Punto 16 Punto 18 Punto

Thousands of files containing personal and sensitive information on US citizens who have classified, and up to Top Secret, security clearances have been exposed; presumably for most of the year due to a security lapse.

Axar.az reports citing Sputnik that, Chris Vickery, director of cyber risk research at the California-based security firm UpGuard, discovered the cache of around 9,400 job application files on an unsecure Amazon Web Services S3 storage server that required no password to access..

The documents reveal a high level of detail about the past duties and responsibilities of thousands of individuals who were formerly and may still currently be employed by the US Department of Defense and other agencies within the US intelligence community.

The exposed personal information includes social security numbers, driver's license and passport numbers, home addresses and many other contact details.

Having briefly reviewed the files, UpGuard found that hundreds of resumes included those with Top Secret US security clearance — a prerequisite for a job at the Central Intelligence Agency, the National Security Agency, or the US Secret Service, among other government agencies.

Some of the documents also revealed sensitive and personal details about Iraqi and Afghan nationals who cooperated with US forces in their home countries and are now seen to have been put at risk in the leak.

Resumes were submitted for positions with the private security firm TigerSwan, but in a statement on Saturday, the firm asserted that the files were left unsecured by a third-party recruitment company called TalentPen, that was purported to have been used to process new job applicants.

According to the TigerSwan statement, TalentPen set up the supposedly secure server to transfer resume files to a TigerSwan server following the termination of TalentPen's contract in February of this year.

"[We] learned that our former recruiting vendor TalentPen used a bucket site on Amazon Web Services for the transfer of resumes to our secure server but never deleted them after our login credentials expired," the TigerSwan statement said.

"Since we did not control or have access to this site, we were not aware that these documents were still on the web, much less, were publicly facing."

Some of the applicants in the database were apparently involved in very sensitive and highly-classified military operations. At least one applicant claimed that he was charged with the transportation of nuclear activation codes and weapons components.

UpGuard noted that they found it "troubling" that the files remained accessible for a month after their Cyber Risk Team notified TigerSwan about the exposure.

Due to the number of resumes involved, the true impact of the breach has yet to be fully realized.

Date
2017.09.04 / 13:55
Author
Axar.az
Comments
See also

First suicide device introduced in Amsterdam

US, Russia likely to go to Mars together

NASA rockets human sperm on space round trip

Researchers suggest treating water with disintegration of droplets

Danish robot peeks at icebergs from below

Facebook to notify users whose data was harvested

Up to 2.7M Europeans affected by Facebook data breach

Russian media regulators sue to block Telegram

Google demand closure of joint AI project with Pentagon

Facebook, Instagram delete dozens of Russia-linked accounts

Latest
 
Xocalı soyqırımı — 1992-ci il Bağla
Bize yazin Bağla
ArxivBağla