The personal details of thousands of individuals who submitted job applications to an international security firm were exposed online due to an unprotected storage server set up by a recruiting services provider.
On July 20, Chris Vickery of cyber resilience firm UpGuard discovered an Amazon Web Services (AWS) S3 storage bucket that could be accessed by anyone over the Internet. The server stored more than 9,400 documents, most of them resumes of people who had applied for a job at TigerSwan, an international security and global stability firm.
The documents included information such as names, physical addresses, email addresses, phone numbers, driver’s license numbers, passport numbers and at least partial social security numbers (SSNs). In many cases, the resumes also provided information on security clearances from U.S. government agencies, including the Department of Defense, the Secret Service, and the Department of Homeland Security. Nearly 300 of the exposed resumes listed the applicant as having a “Top Secret/Sensitive Compartmented Information” clearance.
According to UpGuard, a majority of the individuals whose information was compromised were military veterans, but hundreds of resumes belonged to law enforcement officers who had sought a job at TigerSwan, a company recently described by The Intercept as a “shadowy international mercenary and security firm.”
The list of affected people also includes a former United Nations worker, an active Secret Service agent, a parliamentary security officer from Eastern Europe, and a logistical expert from Central Africa.
UpGuard also highlighted that some of the individuals whose details have been leaked are Iraqi and Afghan nationals who worked with U.S. and Coalition forces. Experts believe the leak could pose a serious risk to these individuals if anyone other than UpGuard found the unprotected storage server.
UpGuard informed TigerSwan about the leak on July 21, but the files were left unprotected until August 24. In a statement published on its website, TigerSwan clarified that the files were exposed by TalentPen, a recruiting firm whose services it had used between 2008 and February 2017.
TigerSwan said it initially believed that UpGuard’s warnings via email and phone were part of a phishing attack, especially since the notifications came shortly after the WannaCry and NotPetya malware outbreaks and the URLs provided by the cybersecurity firm were not linked to TigerSwan. The company realized that UpGuard’s claims were legitimate only on August 31, when it was contacted by reporters, but by that time the storage server had been secured by TalentPen.
TigerSwan says it’s in the process of contacting affected individuals. The company has advised people who submitted a resume on its website between 2008 and 2017 to call a hotline (919-274-9717) to find out if they are impacted by the incident.
In order to help prevent these types of leaks, Amazon recently announced the launch of Macie, a new security service designed to help AWS users protect sensitive data.