Axar.az
UP
20 July 2018


9,400 High-Level US Security Clearance Workers

Home page Technology
12 Punto 14 Punto 16 Punto 18 Punto

Thousands of files containing personal and sensitive information on US citizens who have classified, and up to Top Secret, security clearances have been exposed; presumably for most of the year due to a security lapse.

Axar.az reports citing Sputnik that, Chris Vickery, director of cyber risk research at the California-based security firm UpGuard, discovered the cache of around 9,400 job application files on an unsecure Amazon Web Services S3 storage server that required no password to access..

The documents reveal a high level of detail about the past duties and responsibilities of thousands of individuals who were formerly and may still currently be employed by the US Department of Defense and other agencies within the US intelligence community.

The exposed personal information includes social security numbers, driver's license and passport numbers, home addresses and many other contact details.

Having briefly reviewed the files, UpGuard found that hundreds of resumes included those with Top Secret US security clearance — a prerequisite for a job at the Central Intelligence Agency, the National Security Agency, or the US Secret Service, among other government agencies.

Some of the documents also revealed sensitive and personal details about Iraqi and Afghan nationals who cooperated with US forces in their home countries and are now seen to have been put at risk in the leak.

Resumes were submitted for positions with the private security firm TigerSwan, but in a statement on Saturday, the firm asserted that the files were left unsecured by a third-party recruitment company called TalentPen, that was purported to have been used to process new job applicants.

According to the TigerSwan statement, TalentPen set up the supposedly secure server to transfer resume files to a TigerSwan server following the termination of TalentPen's contract in February of this year.

"[We] learned that our former recruiting vendor TalentPen used a bucket site on Amazon Web Services for the transfer of resumes to our secure server but never deleted them after our login credentials expired," the TigerSwan statement said.

"Since we did not control or have access to this site, we were not aware that these documents were still on the web, much less, were publicly facing."

Some of the applicants in the database were apparently involved in very sensitive and highly-classified military operations. At least one applicant claimed that he was charged with the transportation of nuclear activation codes and weapons components.

UpGuard noted that they found it "troubling" that the files remained accessible for a month after their Cyber Risk Team notified TigerSwan about the exposure.

Due to the number of resumes involved, the true impact of the breach has yet to be fully realized.

Date
2017.09.04 / 13:55
Author
Axar.az
Comments
See also

Sensitive US military files stolen, being sold on dark web

Britain to fine Facebook over data breach

Tesla moves first to hike prices in China

Musk’s team is talking with Thai Officials for cave rescue

Jawbone fitness trackers removed from online shops

Google’s Android is coming to cheap feature phones

Analyst predicts the price of 2018 iPhone models

Machine learning to stop hoaxes and fake news

Tesla to close a dozen solar facilities in nine states - Video

Trump hugs flag as he vows to launch new military ‘Space Force’

Latest
 
Xocalı soyqırımı — 1992-ci il Bağla
Bize yazin Bağla
ArxivBağla