TigerSwan said that transfer was conducted using high-end encryption and TalentPen was supposed to immediately delete the files. But the files remained on the site and due to an apparent security setting misconfiguration, those files were not encrypted.
When Upguard contacted TigerSwan in July, TigerSwan said it believed Upguard was in error since TigerSwan does not store resumes on the Amazon cloud and since it believed TalentPen had both encrypted and deleted its copies.
At the end of August, Upguard contacted Amazon, which had TalentPen remove the files, but did not reveal to Upguard that TalentPen was the customer. TigerSwan claims TalentPen never notified them, either.
"TalentPen never notified us of their negligence with the resume files nor that they only recently removed the files," TigerSwan said in a statement.
TigerSwan said it was unaware that TalentPen had made the error until The Hill contacted them for a story earlier this week and raised the possibility that a recruiter had left the files online. Until then, TigerSwan argued the files were not theirs.
"It was only when we reached out to [TalentPen] with the information on August 31st did they acknowledge their actions," TigerSwan said in their statement.
TigerSwan provided screen shots of an email from its former account manager at TalentPen explaining that the company had dissolved earlier that year. However, that manager still had access to billing records for the Amazon cloud account and confirmed that the account showed "activity that seems consistent with the number of files and the size of the over-all[sic] number of files.”
TigerSwan is encouraging any applicants for positions who submitted resumes during its contract with TalentPen to contact the company to check if any personally identifiable information was left vulnerable.
Former TalentPen management did not respond to requests for comment.