Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Details of U.S. ‘Top Secret’ Clearance Holders Leaked Online

The personal details of thousands of individuals who submitted job applications to an international security firm were exposed online due to an unprotected storage server set up by a recruiting services provider.

The personal details of thousands of individuals who submitted job applications to an international security firm were exposed online due to an unprotected storage server set up by a recruiting services provider.

Chris Vickery of cyber resilience firm UpGuard discovered on July 20 an Amazon Web Services (AWS) S3 storage bucket that could be accessed by anyone over the Internet. The server stored more than 9,400 documents, mostly representing resumes of people who had applied for a job at TigerSwan, an international security and global stability firm.

The documents included information such as names, physical addresses, email addresses, phone numbers, driver’s license numbers, passport numbers and at least partial social security numbers (SSNs). In many cases, the resumes also provided information on security clearances from U.S. government agencies, including the Department of Defense, the Secret Service, and the Department of Homeland Security. Nearly 300 of the exposed resumes listed the applicant as having a “Top Secret/Sensitive Compartmented Information” clearance.

According to UpGuard, a majority of the individuals whose information was compromised were military veterans, but hundreds of resumes belonged to law enforcement officers who had sought a job at TigerSwan, a company recently described by The Intercept as a “shadowy international mercenary and security firm.”

The list of affected people also includes a former United Nations worker, an active Secret Service agent, a parliamentary security officer from Eastern Europe, and a logistical expert from Central Africa.

UpGuard also highlighted that some of the individuals whose details have been leaked are Iraqi and Afghan nationals who worked with U.S. and Coalition forces. Experts believe the leak could pose a serious risk to these individuals if someone other than UpGuard found the unprotected storage server.

UpGuard informed TigerSwan about the leak on July 21, but the files were left unprotected until August 24. In a statement published on its website, TigerSwan clarified that the files were exposed by TalentPen, a recruiting firm whose services it had used between 2008 and February 2017.

TigerSwan said it initially believed that UpGuard’s warnings via email and phone were part of a phishing attack, especially since the notifications came shortly after the WannaCry and NotPetya malware outbreaks and the URLs provided by the cybersecurity firm were not linked to TigerSwan. The company realized that UpGuard’s claims were legitimate only on August 31, when it was contacted by reporters, but by that time the storage server had been secured by TalentPen.

Advertisement. Scroll to continue reading.

TigerSwan says it’s in the process of contacting affected individuals. The company has advised people who submitted a resume on its website between 2008 and 2017 to call a hotline (919-274-9717) to find out if they are impacted by the incident.

In order to help prevent these types of leaks, Amazon recently announced the launch of Macie, a new security service designed to help AWS users protect sensitive data.

Related: Millions of Dow Jones Customer Records Exposed Online

Related: Engineering Firm Exposed Electrical Infrastructure Details

Related: Republican Party Contractor Exposes Details of 198 Million American Voters

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.