The website of the US House Democrats exposed hundreds of people with top secret clearances
Sensitive personal details of more than 450 people who held “top secret” US government security clearances were leaked online, new research seen by WIRED shows. The database includes information on more than 7,000 people who have applied for jobs with Democrats in the US House of Representatives over the past two years.
At the end of September, an ethical security researcher stumbled upon the data cache while scanning for insecure databases and discovered it was part of a site called DomeWatch. The service is run by House Democrats and includes video broadcasts of House hearings, a calendar of congressional events and updates on House votes. It also includes a job board and resume bank.
After the researcher attempted to notify the House Speaker’s office on September 30, the database was secured within hours, and the researcher received a response that simply said, “Thanks for the flagging.” It is unclear how long the data was exposed or whether someone else accessed it while it was insecure.
The independent researcher, who asked not to be named because of the sensitive nature of the findings, likened the exposed database to an internal “index” of people who might have applied for the freelance roles. Resumes are not included, they say, but the database contains typical details of a job application process. The researcher found data including short written biographies of applicants and fields indicating military service, security clearances and languages spoken, along with details such as names, phone numbers and email addresses. Each person was also assigned an internal ID.
“Some of the people described in the data have spent 20 years on Capitol Hill,” the researcher tells WIRED. That’s what makes the finding so troubling, the researcher says, because they fear that if the data fell into the wrong hands, perhaps those of a hostile government or malicious hackers, it could be used to compromise government or military personnel who have access to potentially sensitive information. “From the perspective of a foreign adversary, this is the gold mine you want to target,” says the security researcher.
WIRED has reached out to the superintendent’s office and House Democrats for comment. Some staff WIRED contacted could not be reached because they were furloughed as a result of the ongoing US government shutdown.
“Today, our office was notified that a foreign vendor may have leaked information stored on an internal site,” Joy Lee, a spokeswoman for Democratic Rep. Katherine Clark, told WIRED in an Oct. 22 statement. DomeWatch is in the possession of Clark’s office. “We immediately alerted the Office of the Chief Administrative Officer and a full investigation has been initiated to identify and remediate any security vulnerabilities.” Lee added that the outside vendor is “an independent consultant that contributes to the back end” of DomeWatch.
