Hundreds of People With 'Top Secret' Clearance Exposed by House Democrats' Website
"While scanning for unsecured databases at the end of September, an ethical security researcher stumbled upon the exposed cache of data and discovered that it was part of a site called DomeWatch. The service is run by the House Democrats and includes videostreams of House floor sessions, calendars of congressional events, and updates on House votes. It also includes a job board and résumé bank."
"After the researcher attempted to notify the House of Representatives' Office of the Chief Administrator on September 30, the database was secured within hours, and the researcher received a response that simply said, "Thanks for flagging." It is unclear how long the data was exposed or if anyone else accessed the information while it was unsecured. The independent researcher, who asked to remain anonymous due to the sensitive nature of the findings, likened the exposed database to an internal "index" of people who may have applied for open roles."
"Résumés were not included, they say, but the database contained details typical of a job application process. The researcher found data including applicants' short written biographies and fields indicating military service, security clearances, and languages spoken, along with details like names, phone numbers, and email addresses. Each individual was also assigned an internal ID."
Sensitive personal details of more than 450 people holding "top secret" US government security clearances were exposed online. The data was part of a database of over 7,000 individuals who applied for jobs with House Democrats over the last two years. An ethical security researcher discovered the unsecured cache at the end of September and traced it to DomeWatch, a House Democrats-run site that hosts livestreams, calendars, votes, a job board, and a résumé bank. After the researcher notified the Office of the Chief Administrator on September 30, the database was secured within hours. The exposed fields included biographies, military service, security clearances, languages, names, phone numbers, email addresses, and internal IDs. It remains unclear how long the information was accessible or whether anyone else accessed it.
Read at WIRED