Sen. Claire McCaskillClaire Conner McCaskillEx-Rep. Akin dies at 74 Republicans may regret restricting reproductive rights Sunday shows preview: States deal with fallout of Ida; Texas abortion law takes effect MORE (D-Mo.) wants to know why thousands of files containing personal information of military and intelligence personnel were allegedly left unsecured and available for public download for months.
The information was from job applications to TigerSwan, a North Carolina-based private security firm, and was acquired and improperly stored online by its one-time recruitment firm TalentPen. The files date back to 2009.
But TigerSwan says it does not own a cloud storage system for the résumés and has blamed a third-party recruitment firm named TalentPen for the unsecure files.
“This report raises serious question about the security protocols that TigerSwan has in place to prevent these types of breaches,” McCaskill wrote in a Friday letter to TigerSwan chairman James Reese.
“Not only did TigerSwan expose servicemembers’ social security numbers and other private information, it left the information out in the open for almost a month before fixing the problem,” McCaskill said in a statement after the letter’s release.
McCaskill asks Reese to provide by Nov. 3 steps the company has taken to determine how the information became available on a publicly accessible server, whether any policies or security protocols related to federal contracts were breached, and whether any actions have been taken against those responsible for the breach.
In addition, she asks if TigerSwan has taken steps to notify affected personnel, what it’s doing to prevent similar occurrences in the future and if there have been any remedial efforts “to ensure that the exposed data is not used for improper or unlawful purposes.”
A majority of the files, which were found on a misconfigured cloud server in July, came from members of the military, as well as intelligence veterans, a police chief and a United Nations worker in the Middle East. The files included personal contact information, such as addresses, phone numbers and private email addresses.
The files were not taken down until the end of August due to confusion over the source of the résumés.