Dear Black Bag Confidential Reader,
The Equifax hack isn’t the only major breach to have been exposed this month. Although it affected significantly fewer people, the hack I’m going to tell you about today is potentially far more damaging.
Not only does it affect brave individuals who served in our country’s armed forces, but this cybersecurity lapse could have serious consequences for our national security.
The War at Home
Returning home from deployment can be a challenging adjustment for many of our country’s brave service members. Not only must these individuals return to regular family life, but they also must resume their civilian jobs — often they may be seeking new employment.
Many of these service members have unique skill sets that make them attractive to a large number of employers. In particular, those who have served in the Special Forces can typically find work with international security firms, where they can continue to use their elite skill sets.
One such company that hires former Special Forces members is TigerSwan. Formed by retired members of the United States Delta Force, TigerSwan is a protection and risk assessment organization based in North Carolina with additional regional offices in the MENA, West Africa, India, Latin America and Asia.
Recently, it was revealed that thousands of résumés from prospective TigerSwan employees were left unsecured on a publicly accessible cloud-based data repository hosted by Amazon Web Services.
Enemy Tactics
Surprisingly, the sensitive information wasn’t hacked by some foreign government or shadow organization. In fact, according to TigerSwan, “At no time was there ever a data breach of any TigerSwan server.”
Instead, the company claims a third-party recruiting vendor called TalentPen was responsible for processing the job applications and owned the Amazon Web Services cloud storage where the data were uploaded and improperly secured. A total of 9,402 files were available to any internet user accessing the storage bucket’s URL in a folder titled “Résumés.”
To make matters worse, some of the résumés were from individuals with Top Secret security clearances who had previously served in elite intelligence positions within our government. These résumés included basic information such as addresses and phone numbers, in addition to more critical information such as driver’s license and passport numbers.
As alarming as this security breach is for U.S. service members, the people who are potentially the most at risk are the Iraqi and Afghan citizens who worked with U.S. forces in their home countries and applied for employment with TigerSwan.
It’s also terrifying to imagine what foreign governments could do with this classified information. For example, China or Russia could use the incredibly sensitive details these résumés contain to recruit spies or extort U.S. military personnel.
And consider the financial implications… These countries could attempt to scam veterans by sending legitimate-looking emails from friends, family members or employers containing accurate information they gained from these résumés.
The Best Defense
Obviously, there is nothing these veterans can do about the information that’s already been exposed. But there are a few steps they can take to minimize the impact.
First and foremost, when so much of your personal information has been compromised, you must change the passwords and answers to all security questions on your financial and online accounts.
If you can recover your bank login by providing your Social Security number or your mother’s maiden name, your accounts are no longer secure because hackers most likely have that information. You should also put a freeze on your credit immediately.
Unfortunately, I don’t anticipate these kinds of cyberattacks to stop anytime soon. This is a whole new kind of warfare and it’s important that you do everything within your power to avoid becoming a victim.
Stay safe,
Jason Hanson