The personal details of over 7,000 Americans applying for jobs, internships, or fellowships with Democratic Members’ offices were exposed by an unsecured, unencrypted, and non-password-protected online database. The breach, discovered by Safety Detectives in October 2025, revealed sensitive PII, including names, phone numbers, email addresses, security clearance levels (469 with 'top secret' clearance), political affiliations, military service records, and biographical data. The exposed records also contained links to Google Forms and shared documents, increasing the risk of fraud, impersonation, and targeted phishing attacks, particularly against individuals with government or military backgrounds. While the database was secured the same day, the incident highlights vulnerabilities in handling high-risk personal data, especially given the potential for AI-driven social engineering attacks exploiting the leaked information. The records were timestamped from 2024–2025, which contradicts DomeWatch’s claim that resumes are retained for only 90 days before archival.
Source: https://hackread.com/domewatch-leak-capitol-hill-applicants-data/
TPRM report: https://www.rankiteo.com/company/democracy-def-action
{
"id": "dem4292442102725",
"linkid": "democracy-def-action",
"type": "Breach",
"date": "6/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': '7,000+ applicants',
'industry': 'public sector/government',
'location': 'United States (Capitol Hill)',
'name': 'House Democrats’ Official Online Resume Bank '
'(DomeWatch.us)',
'type': 'government-affiliated job portal'}],
'attack_vector': 'unsecured online database (misconfigured cloud storage)',
'data_breach': {'data_encryption': 'no (database was unencrypted)',
'data_exfiltration': 'no (data was exposed but not confirmed '
'as stolen)',
'file_types_exposed': ['resumes',
'Google Forms',
'shared documents'],
'number_of_records_exposed': '7,000+',
'personally_identifiable_information': ['names',
'phone numbers',
'email addresses',
'home state',
'security clearance '
'level'],
'sensitivity_of_data': "high (includes 'top secret' clearance "
'holders)',
'type_of_data_compromised': ['PII',
'security clearance information',
'political affiliation',
'military service records',
'employment history',
'document links (Google Forms, '
'shared files)']},
'date_detected': '2025-10-27',
'date_publicly_disclosed': '2025-10-27',
'date_resolved': '2025-10-27',
'description': 'Personal details of thousands of Americans seeking jobs on '
'Capitol Hill were left publicly exposed due to an unsecured '
'online database belonging to the House Democrats’ Official '
'Online Resume Bank, known as DomeWatch.us. The breach was '
'discovered by Safety Detectives after an anonymous researcher '
'reported an unencrypted, non-password-protected database '
'containing over 7,000 records of applicants, including PII '
'such as names, phone numbers, email addresses, security '
'clearance status, political affiliation, and military '
"service. The data also included 469 individuals with 'top "
"secret' federal security clearance and timestamps from "
"2024–2025, despite DomeWatch's claim that resumes are "
'archived after 90 days. Access was restricted the same day '
'the issue was reported, but the exposure raises concerns '
'about targeted attacks, impersonation, and AI-powered social '
'engineering threats.',
'impact': {'brand_reputation_impact': 'public exposure of negligence in data '
'protection',
'data_compromised': ['Personally Identifiable Information (PII)',
'names',
'phone numbers',
'email addresses',
'security clearance status/level',
'political party affiliation',
'home state',
'military service records',
'bio/congress experience',
'Google Forms links',
'shared document links'],
'identity_theft_risk': 'high (due to PII and security clearance '
'details)',
'operational_impact': 'potential for targeted phishing, '
'impersonation, and social engineering '
'attacks',
'systems_affected': ['DomeWatch.us resume database']},
'investigation_status': 'resolved (access restricted; no further public '
'updates)',
'lessons_learned': 'Need for stricter access controls, encryption, and '
'regular audits of public-facing databases to prevent '
'accidental exposure of sensitive data.',
'post_incident_analysis': {'corrective_actions': ['restricted database '
'access; no further details '
'provided'],
'root_causes': ['misconfigured database (lack of '
'authentication/encryption)',
'inadequate data retention '
'enforcement (records older than '
'90 days were exposed)']},
'recommendations': ['Implement password protection and encryption for all '
'databases.',
'Conduct regular security audits for misconfigured cloud '
'storage.',
'Enforce stricter data retention policies (e.g., 90-day '
'archive rule).',
'Monitor for unauthorized access attempts.',
'Provide awareness training for applicants about phishing '
'risks post-breach.'],
'references': [{'source': 'Safety Detectives Blog Post'},
{'source': 'Hackread.com'}],
'response': {'communication_strategy': ["brief acknowledgment: 'Thanks for "
"flagging'"],
'containment_measures': ['restricted public access to the '
'database'],
'incident_response_plan_activated': 'yes (access restricted same '
'day)',
'third_party_assistance': ['Safety Detectives (research firm)']},
'title': 'Exposure of Personal Data in House Democrats’ Official Online '
'Resume Bank (DomeWatch.us)',
'type': ['data exposure', 'unsecured database'],
'vulnerability_exploited': 'lack of encryption and authentication '
'(non-password-protected database)'}