US military contractor and international security firm TigerSwan has confirmed that thousands of files containing sensitive, personal information of US military and intelligence personnel were inadvertently exposed online on an unsecured Amazon server.
Chris Vickery, a researcher at security firm UpGuard, discovered the Amazon Web Services S3 storage bucket that was accidentally configured for public access in July, which means any person with the correct URL could access the data.
Many resumes also listed information such as security clearances, driver's licence numbers, passport numbers and at least partial Social Security numbers.
"While most of the applicants are American military veterans, every continent appears to be represented in the pool, with some applicants coming from a civilian background," UpGuard said.
"On the resumes of several foreign applicants, many also listed their passport numbers in the resumes - a detail of potential interest amidst the burgeoning black market in Eurasia for fraudulent passports."
In a statement on Saturday (2 September), TigerSwan said the database of resumes was managed by a third-party vendor, TalentPen.