An unsecured database on the House Democrats’ “DomeWatch” website exposed the sensitive personal information and security clearance levels of hundreds of government officials in late September, creating a potential “gold mine” for foreign intelligence services. The breach, discovered by an anonymous ethical security researcher, left a cache of data accessible to the public, including biographies, military service records, and contact details of individuals seeking positions within the U.S. government.
Vulnerability in the DomeWatch Infrastructure
The exposure originated from DomeWatch, a service managed by House Democrats that provides video streams of floor sessions, congressional calendars, and a job application portal. While scanning for unprotected databases, the researcher identified an internal “index” that lacked basic security protocols. Upon notifying the House of Representatives’ Office of the Chief Administrator on September 30, officials secured the database within hours, though the duration of the exposure remains unknown.
The leaked data did not include full résumés but contained highly specific fields typical of high-level government recruitment. This included applicants’ names, phone numbers, email addresses, and internal identification numbers. More critically, the database highlighted individuals with “Top Secret” clearances and specialized expertise in areas such as “US-China relations” and “intelligence.”
A Strategic Asset for Foreign Intelligence
The researcher emphasized that the leak extended far beyond junior staffers or interns, noting that some entries described individuals with over 20 years of experience on Capitol Hill. “From the perspective of a foreign adversary, that is a gold mine of who you want to target,” the researcher told WIRED, warning that hostile states could use this information to compromise personnel with access to classified materials.
Alexander Leslie, senior advisor for government affairs at the threat intelligence firm Recorded Future, corroborated these concerns. Leslie noted that military histories and clearance statuses provide adversaries with precise reconnaissance. Such data facilitates sophisticated spear-phishing campaigns, impersonation, and social engineering attacks designed to gain unauthorized access to government accounts.
Quantifying the Scope of the Exposure
The database contained approximately 7,000 entries, revealing a detailed demographic map of the applicants:
- Congressional Experience: Roughly 4,200 individuals.
- Democratic Affiliation: 6,300 individuals.
- Republican Affiliation: 17 individuals.
- Independent/Other: Over 250 individuals.
The researcher also found links to documents hosted on secondary cloud storage systems, further expanding the potential surface area of the leak.
Official Response and Vendor Accountability
Joy Lee, spokesperson for House Democratic Whip Katherine Clark—whose office oversees DomeWatch—confirmed that an outside vendor was responsible for the security lapse. “Our office was informed that an outside vendor potentially exposed information stored in an internal site,” Lee stated on October 22. She added that an independent consultant manages the backend of the platform and that a full investigation is underway to rectify vulnerabilities.
The incident has drawn comparisons to the 2015 Office of Personnel Management (OPM) hack, which Leslie describes as a “long-term US national security and personnel risk.” Unlike targeted attacks, this exposure resulted from a systemic failure to secure a publicly accessible database, a non-partisan issue that continues to plague government digital infrastructure.
The ethical researcher maintained that the discovery was not politically motivated, stating that the primary goal was to prevent criminal or state-sponsored actors from exploiting the vulnerability. “It shouldn’t be exposed,” they concluded, highlighting the ongoing risks associated with mishandling sensitive personnel data in the digital age.
