SoylentNews is people
SoylentNews
Submitted via IRC for TheMightyBuzzard
The personal details of thousands of individuals who submitted job applications to an international security firm were exposed online due to an unprotected storage server set up by a recruiting services provider.
Chris Vickery of cyber resilience firm UpGuard discovered on July 20 an Amazon Web Services (AWS) S3 storage bucket that could be accessed by anyone over the Internet. The server stored more than 9,400 documents, mostly representing resumes of people who had applied for a job at TigerSwan, an international security and global stability firm.
The documents included information such as names, physical addresses, email addresses, phone numbers, driver's license numbers, passport numbers and at least partial social security numbers (SSNs). In many cases, the resumes also provided information on security clearances from U.S. government agencies, including the Department of Defense, the Secret Service, and the Department of Homeland Security. Nearly 300 of the exposed resumes listed the applicant as having a "Top Secret/Sensitive Compartmented Information" clearance.
According to UpGuard, a majority of the individuals whose information was compromised were military veterans, but hundreds of resumes belonged to law enforcement officers who had sought a job at TigerSwan, a company recently described by The Intercept as a "shadowy international mercenary and security firm."
Source: http://www.securityweek.com/details-us-top-secret-clearance-holders-leaked-online
(Score: 2, Informative) by Beau Slim on Wednesday September 06 2017, @10:14PM
Part of the lack of the general knowledge of this comes from a "first rule of clearance is that you don't talk about your clearance" thing. Many people believe that someone with a Top Secret clearance gives them access to all the Top Secrets. It doesn't.
All it means is that they have been vetted (via background checks, interviews of family and past associates, etc.) to assure that they are trustworthy and won't disclose any sensitive information needed to do their job. What they have access to is always on an as-needed basis. So, for example, a diplomatic officer working in foreign country will get a clearance to know how to use the crypto communications gear used to send sensitive information to the home office and they will work with sensitive information local to their post as part of doing their job. But that's it. And when they leave, they lose access to all information, even if their clearance is still valid. And then all clearances expire after a certain period of time.
I'm sure they're just putting past clearance on a resume much like a plumber tells people they're bond-able.