For many of our country’s brave service members, returning home from serving deployment can be a challenging adjustment. Not only must these individuals return to their regular family lives but many also must resume their civilian jobs and oftentimes they might be seeking new employment.
Obviously, many of these service members have unique skill sets that make them attractive to a large number of employers. In particular, those who have served in the Special Forces can typically find work with international security firms, where they can continue to use their elite skill sets. One company that hires former Special Forces members is called TigerSwan, which is a security company that’s based in North Carolina but operates all over the world.
Recently, it was revealed that TigerSwan had thousands of resumes from prospective employees that were left unsecured on cloud storage. To make matters even worse, some of the resumes were from individuals who hold Top Secret security clearances and had previously served in elite intelligence positions within our government. These resumes included basic information such as phone numbers and addresses, plus, more critical information such as driver’s license and passport numbers. Now, as scary as this security breach is, the people who are potentially the most at risk are Iraqi and Afghan citizens who worked with U.S. forces in their home countries and applied for employment with TigerSwan.
Surprisingly, the information exposed wasn’t hacked by some foreign government but it was apparently left unsecured allowing public access to the files. You see, the resumes were actually stored on Amazon Web Services S3 data storage, but the cloud storage was left available for public access and wasn’t secured in any way. In total, 9,402 files were stored in the cloud storage folder titled Resumes.
According to TigerSwan, “At no time was there ever a data breach of any TigerSwan server.” The company claims a third-party company called TalentPen, was responsible for processing the job applications and owned the Amazon Web Services cloud storage where the data wasn’t properly secured. In other words, not only was this information available to hackers who could use it to scam military veterans, but also it’s scary to think about what foreign governments such as China and Russia would do with this information. For example, with the incredibly detailed information that these resumes contained Russia or China could use this to recruit spies or even extort U.S. military personnel.
Also, think about the financial scams that these countries could attempt by sending legitimate-looking e-mails from friends, family members, or employers that contain accurate information that they gained from the resumes.
Obviously, there is nothing these veterans can do about names and data that have been exposed but there are a few steps that can be taken to hopefully minimize the risks. First, when so much personal information has been compromised you need to change all of the security questions and information on your financial and online accounts. If you can recover you bank login by providing your social security number or with your mother’s maiden name then hackers will most likely have the information. You also need to freeze your credit.
Unfortunately, we have seen an enormous increase in cyber attacks and with so much critical information exposed it’s probably only a matter of time before cybercriminals attack these brave service members.