Hundreds With Top Secret Clearance Exposed in House Democrats’ Data Breach
▼ Summary
– Over 450 people with “top secret” US government security clearances had their personal details exposed in an unsecured online database.
– The database was part of DomeWatch, a service run by House Democrats that includes a job board and résumé bank for congressional job applicants.
– An ethical security researcher discovered the exposed data in late September and notified officials, leading to the database being secured within hours.
– The exposed information included applicants’ names, contact details, biographies, and fields indicating security clearances, military service, and languages spoken.
– House Democrats launched a full investigation and attributed the exposure to an outside vendor, while the researcher warned the data could be a “gold mine” for foreign adversaries.
A significant data breach has exposed the personal information of more than 450 individuals holding top secret US government security clearances. This sensitive data was part of a larger database containing details on over 7,000 people who applied for jobs with House Democrats over the past two years. The exposure was discovered by an independent security researcher scanning for unsecured information online.
The researcher identified the unprotected data at the end of September, finding it connected to a service called DomeWatch, which is managed by House Democrats. This platform provides video streams of House floor proceedings, congressional event calendars, and updates on legislative votes. It also hosts a job board and a résumé bank for applicants. Upon discovering the breach, the researcher promptly alerted the House of Representatives’ Office of the Chief Administrator. The database was secured within hours, with the office responding, “Thanks for flagging.” It remains unknown how long the information was publicly accessible or whether any unauthorized parties accessed it during that period.
The security expert, who requested anonymity given the sensitive nature of the discovery, described the database as an internal index of individuals who had applied for various positions. While résumés were not included, the database contained typical job application details. These included applicants’ short biographies, indicators of military service, security clearance levels, languages spoken, along with personal identifiers such as names, phone numbers, and email addresses. Each person was also assigned a unique internal identification number.
The researcher emphasized that the exposed records included seasoned professionals, not just interns or junior staff. Some individuals listed had accumulated twenty years of experience on Capitol Hill. This aspect made the breach particularly alarming. The concern is that if malicious actors, such as hostile foreign states, had obtained this data, they could have used it to identify and target government or military personnel with access to highly sensitive information. From an adversary’s viewpoint, this collection of data would represent a valuable resource for identifying potential targets.
When contacted for comment, the Office of the Chief Administrator and House Democrats did not provide an immediate response. Some staff members were unavailable due to furloughs resulting from the ongoing federal government shutdown. A spokesperson for House Democratic whip Katherine Clark, whose office oversees DomeWatch, later issued a statement. Joy Lee confirmed that their office was notified about the potential exposure of information stored on an internal site by an outside vendor. She stated that they immediately alerted the Office of the Chief Administration Officer and that a full investigation has been initiated to identify and correct any security weaknesses. Lee clarified that the outside vendor is an independent consultant responsible for managing the backend of the DomeWatch platform.
(Source: Wired)
