Thousands of Documents on DOD And CIA Employees, Afghan and Iraqi Nationals Released in Shocking Amazon Data Breach
A data breach has seen details of thousands of former and current Department of Defense, NSA, and CIA employees’ details released, along with information relating to Afghan and Iraqi nationals who have worked with the U.S. military in their home countries.
More than 9,000 documents were discovered by a cyber security firm in an unencrypted, non-password protected folder on an Amazon server.
Some of the documents contained a timestamp, revealing that they were uploaded to the Amazon server in February this year. The unencrypted folder has only recently been discovered, leading to the conclusion that the files have potentially been accessible for more than seven months.
Taking Responsibility for the Data Breach
The documents were found in a folder simply titled “Resumes.” While a private security firm named TigerSwan seems to have been in control of the documents, representatives from the firm are pointing the finger at a third-party contractor, TalentPen, hired by the company to process job applications.
The more than 9,000 documents released as a result of the data breach reveal intricate details relating to current and former DoD, NSA, and CIA employees. Other documents contain personal information relating to Afghan and Iraqi nationals who have worked with and assisted U.S. military personnel in their home countries.
Many of the individuals described in the documents hold Top Secret Defense security clearances, with some documents describing details of highly-classified and sensitive military operations.
One document reportedly outlined details of nuclear weapons codes and transportation plans. Another document contained the details of an employee at Baghdad’s Abu Ghraib facility, where prisoners are alleged to have been tortured.
In many instances, individuals’ personal details were contained in the documents, including personal phone numbers, email addresses, and home addresses.
The full impact of the data breach is not yet known.