In what a researcher described as a “gold mine” for foreign adversaries, a database containing the personal details of more than 7,000 people who applied for jobs with Democrats in the U.S. House of Representatives was left exposed on the public internet. More than 450 of those applicants, according to Wired, hold “top secret” security clearances in the federal government.
The exposed database was discovered by a security researcher in late September. The researcher declined to be identified because of the sensitivity of the matter, Wired reported.
Download the SAN app today to stay up-to-date with Unbiased. Straight Facts™.
Point phone camera here
The database was linked to a service known as DomeWatch, used by House Democrats to host, among other things, a job board, a congressional events calendar and video streams of House floor sessions.
The researcher alerted the House of Representatives’ Office of the Chief Administrator to the exposure on Sept. 30 and received a short message in response: “Thanks for flagging.”
The database was quickly secured. It remains unclear for how long it had been exposed and whether any unauthorized access had taken place.
‘It shouldn’t be exposed’
In a statement to Wired, the researcher said that although the database did not contain résumés, it did include information such as applicants’ biographies, military service details and security clearances. Personal data, including names, phone numbers and email addresses, was also present.
“Some people described in the data have spent 20 years on Capitol Hill,” the researcher told Wired. “From the perspective of a foreign adversary, that is a gold mine of who you want to target.”
The vast majority of the applicants — about 6,300 — described themselves as Democrats, while just 17 said they were affiliated with the Republican Party. More than 250 listed their political affiliations as “independent” or “other.”
Roughly 4,200 of the applicants had prior experience working in Congress.
“This research was not targeted toward any political party or affiliation,” the researcher said, “It was just finding data, realizing that it could be vulnerable and thinking of all the ways that not just criminals could use it, but foreign adversaries. It shouldn’t be exposed.”
Investigation underway
Joy Lee, a spokesperson for Rep. Katherine Clark, D-Mass., the House Democratic whip, said a full investigation has been launched to identify any other security vulnerabilities.
“Today, our office was informed that an outside vendor potentially exposed information stored in an internal site,” Lee told Wired last week. “We immediately alerted the Office of the Chief Administration Officer, and a full investigation has been launched to identify and rectify any security vulnerabilities.”
