Hundreds of people obtained a “top secret” statement revealed by the House Democrats’ website

Sensitive personality Details of more than 450 people with “top secret” US government security clearances have been left exposed online, a new study seen by WIRED shows. The people’s details were included in a database of more than 7,000 individuals who applied for jobs over the past two years with Democrats in the US House of Representatives.

While searching for insecure databases at the end of September, an ethical security researcher stumbled upon the exposed data cache and discovered it was part of a site called DomeWatch. The service is run by House Democrats and includes videos of House sessions, congressional event calendars, and updates on House votes. It also includes a job board and CV bank.

After the researcher attempted to notify the Office of the Chief Administrative Officer of the House of Representatives on September 30, the database was secured within hours, and the researcher received a response that simply stated: “Thank you for reporting.” It is unclear how long the data was exposed or whether anyone else accessed the information when it was unsecured.

The independent researcher, who requested anonymity due to the sensitive nature of the results, likened the exposed database to an internal “index” of people who may have applied for open positions. They say a resume is not included, but the database contains typical details of the job application process. The researcher found data that included applicants’ short written biographies, fields indicating military service, security clearances, and languages ​​used, along with details such as names, phone numbers, and email addresses. Each individual was also assigned an internal identifier.

“Some of the people described in the data spent 20 years on Capitol Hill,” the researcher tells WIRED, noting that the information went beyond a list of interns or junior staff. That’s what makes this finding so worrying, the researcher says, because they fear that if the data falls into the wrong hands — perhaps the hands of a hostile state or malicious hackers — it could be used to hack government or military employees who have access to potentially sensitive information. “From a foreign adversary’s perspective, this is a gold mine for whoever you want to target,” the security researcher says.

WIRED has reached out to the Office of the Chief Administrative Officer and House Democrats for comment. Some employees contacted by WIRED were not available because they have been furloughed as a result of the ongoing U.S. government shutdown.

“Today, our office was informed that a third-party vendor has disclosed information stored at an internal location,” Joy Lee, a spokeswoman for House Democratic spokeswoman Katherine Clark, told WIRED in an Oct. 22 statement. DomeWatch falls under the jurisdiction of Clark’s office. “We immediately alerted the Office of the Chief Administrative Officer, and a full investigation was initiated to identify and correct any security vulnerabilities.” The third-party vendor is “an independent consultant who helps with the backend” of DomeWatch, Lee added.