Thousands of files containing details of US intelligence operatives with Top Secret clearance have been leaked.
The 9,402 documents were found on an unsecure Amazon server without the protection of a password.
The files, discovered this summer by a security analyst at the California-based cyber security firm UpGuard, were found in a folder called ‘resumes’.
They contained the CV of thousands of Americans currently in jobs in the US Department of Defense and the US intelligence community.
They typically included information such as their home addresses, phone numbers, work history and email addresses, as well as more sensitive information including security clearances, driver’s license numbers, passport numbers and at least partial social security numbers.
According to UpGuard, at least one of the applicants claimed he carried the nuclear missile launch codes.
The documents have been traced back to TigerSwan, a private security firm based in North Carolina
Other documents revealed sensitive and personal details about Iraqi and Afghan nationals who have cooperated and worked alongside US military forces in their home countries, Gizmodo reported.
Between 15 and 20 applicants reportedly meet this criteria. They may now be endangered by the disclosure of their personal details.
One applicant described his employment as a ‘warden advisor’ at the Abu Ghraib black site near Baghdad, where prisoners are known to have been tortured.
Another applicant reportedly said he was involved in ‘enhancing evidence’ against Iraqi insurgents during the war.
The leak also includes details of a former United Nations worker in the Middle East, a parliamentary security officer in Eastern Europe, an active Secret Service agent, a Central African logistical expert, an ex-soldier tasked with providing security in war zones for TV news crews and a police chief in a southern state.
In addition to this, the details of an Army officer tasked not only with finding WMDs in post-invasion Iraq, but with escorting a major US journalist on the hunt have been leaked, as well as military and police trainers in Iraq, Afghanistan, Georgia, Liberia, Ukraine, and the Democratic Republic of Congo.
The 9,402 documents (including this CV) were found on an insecure Amazon server without the protection of a password
The documents have been traced back to TigerSwan, a private security firm based in North Carolina.
But in a statement TigerSwan pinned the blame on TalentPen, a third-party vendor they use to sift through new job applications.
The firm told Gizmodo: ‘At no time was there ever a data breach of any TigerSwan server.
‘All resume files in TigerSwan’s possession are secure. We take seriously the failure of TalentPen to ensure the security of this information and regret any inconvenience or exposure our former recruiting vendor may have caused these applicants. TigerSwan is currently exploring all recourse and options available to us and those who submitted a resume.’
This CV of an American with ’20+ years military experience’ was one of the 9,400 leaked
TalentPen could not be immediately reached for comment.
UpGuard said: ‘The incident again underscores the importance of qualifying the security practices of vendors who are handling sensitive information.
‘While criminals could use the deep knowledge of work experience and personal details for anything from identity theft to one of the phishing scams known to specifically target veterans, the value of this database to foreign intelligence agencies if they were to access it is not insignificant.
‘The presence of extremist sympathizers in western nations makes the prospect of publicly exposed Iraqi and Afghan nationals that much more alarming.’