Technology
Security Firm Exposed More Than 9,000 Job Applications in Data Breach
Published:
Last Updated:
Personally identifiable records were inadvertently exposed on more than 9,000 job applicants for a North Carolina-based private security firm. In hundreds of cases, the data included a job applicant’s claim of a “Top Secret” security clearance.
The company, TigerSwan, told a cyber risk team from Upguard that a third-party vendor responsible for handling new job applicants did not properly secure the applicants’ data once the vendor was terminated and the data transferred back to TigerSwan in February of this year. The exposed files were not discovered until July 20.
The data breach resulted from an improperly configured and secured S3 data storage bucket provided to the vendor — a recruiting firm named TalentPen — by Amazon Web Services (AWS). A similar oversight was responsible for the exposure of some 14 million Verizon customers’ records earlier this year.
Most of the exposed records belonged to U.S. military veterans who had provided a lot of detail about their past duties, including sensitive defense and intelligence roles. The exposed data included information typically found on a résumé: name, address, phone, email address.
But the résumé data also included such non-typical items as security clearances, driver license numbers, passport numbers and partial Social Security numbers. According to UpGuard, that wasn’t the worst of it:
Most troubling is the presence of resumes from Iraqi and Afghan nationals who cooperated with US forces, contractors, and government agencies in their home countries, and who may be endangered by the disclosure of their personal details.
TigerSwan has posted a detailed explanation of its actions and timeline and says it is evaluating its “vendor selection processes and their data management practices.” The firm lays most of the blame for the exposed data at the feet of its vendor, and CEO Jim Reese offered this statement to those who may have had their data exposed:
As a Service-Disabled, Veteran-Owned Small Business, we find the potential exposure of their resumes inexcusable. To our colleagues and fellow veterans, we apologize.
24/7 Wall St.Sponsored: Want to Retire Early? Here’s a Great First Step
Want retirement to come a few years earlier than you’d planned? Or are you ready to retire now, but want an extra set of eyes on your finances?
Now you can speak with up to 3 financial experts in your area for FREE. By simply clicking here you can begin to match with financial professionals who can help you build your plan to retire early. And the best part? The first conversation with them is free.
Click here to match with up to 3 financial pros who would be excited to help you make financial decisions.
Thank you for reading! Have some feedback for us?
Contact the 24/7 Wall St. editorial team.
Editors' Picks
