Contractors Leave US Military Private Information Available to All

Thousands of US military and intelligence personnel files left unsecured in an all-too-familiar security lapse.

Once again, people’s personal information was left exposed to the public on the web. This time, the victims are US military and intelligence personnel. The information that was left unsecured was a mixture of resumes and job applications.

The information was discovered on an unsecured Amazon Web Services server by cybersecurity firm UpGuard. While Amazon is a top provider in cloud solutions, those that utilize these services need to ensure that their data is secured. Sadly, this is the second case we’ve heard of just this week where those responsible for personal information made no effort to do so.

In this case, the cybersecurity buck has been passed, with unfortunate results. The data has been traced back to TigerSwan, a North Carolina-based private security firm. TigerSwan immediately passed the responsibility on to TalentPen, a recruiting vendor. The files seem to have first been uploaded to an Amazon bucket as part of a process to transfer files from TalentPen to TigerSwan, and were then never deleted. They were first uploaded in February, and it appears that UpGuard discovered the existence of the files in July. After TigerSwan was alerted, it took an additional month for the server to be shut down, since the server actually belonged to TalentPen.

What a mess.

TigerSwan states that the files “have now been properly secured and no additional risk of exposure exists.” However, these files were available to anyone who stumbled upon them for months. Who were those that had their information handled in such a careless way? Former and current employees of the US Department of Defense and US intelligence agencies, Iraqi and Afghan nationals who had previously worked as translators with the US military, a former UN worker in the Middle East, and a former US ambassador to Indonesia.

Once again, this is not a case of secure defenses being broken by professional hackers. This is a case of those that were in charge of the care of personal information simply not making any effort to secure that information.

Had they just utilized BlackBerry Workspaces, each individual file would have been secured.

Let’s hope that this is the last we see of such an error made in the cyber security realm, but with two of these cases seeing the light of day in one week, I’m not too hopeful.

Brad

BlackBerry Elite Founder & Owner of UTB Blogs and UTB Geek. When I'm not talking or writing about BlackBerry, you'll find me using my BlackBerry.

  • Prem_Watsapp

    Goodness. “Cybersecurity firm”. Enough said… ;-p

    • Prem_Watsapp

      That usually means open ports, default password or no passwords, and world-readable permissions on the servers…. n00bz!!! :-((
