DomeWatch Database Exposure of Capitol Hill Job Applicants' Sensitive Data
An unsecured online database managed by the House Democrats’ DomeWatch platform exposed the personal information of over 7,000 individuals who applied for jobs, internships, or fellowships with Democratic offices and committees in the US House of Representatives. The exposed data included names, contact details, political affiliations, military service, and, critically, the security clearance status of hundreds of applicants, with at least 469 individuals holding "top secret" federal security clearances. The breach was discovered by an ethical security researcher in late September 2025, who promptly notified the House of Representatives’ Office of the Chief Administrator, leading to the database being secured within hours.
The database, which was neither encrypted nor password-protected, also contained links to Google forms and other shared documents, as well as a file labeled as a "master key" that could potentially be used to decrypt protected data such as API tokens. The records, mostly timestamped from 2024–2025, raised concerns about the retention policy of the DomeWatch platform, which claims to archive resumes after 90 days. The exposure of such sensitive information, especially regarding individuals with high-level security clearances, significantly increases the risk of fraud, targeted attacks, and broader national security implications.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
DomeWatch website exposed applicants' sensitive personal data
A House Democrats-operated DomeWatch website left sensitive records publicly accessible, exposing personal information of Capitol Hill job applicants and hundreds of people with top-secret security clearances. Reported data included details tied to background-check and employment application processes.
Sources
3 references tracked. Mallory keeps watching after this page renders.
House Democrats’ DomeWatch exposes sensitive data
scworld.com
Open sourceHundreds of People With ‘Top Secret’ Clearance Exposed by House Democrats’ Website
wired.com
Open sourceDomeWatch Leak Exposed Personal Data of Capitol Hill Applicants
hackread.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
OPM Breach Exposed Security Clearance Files and Fingerprints of 22.1 Million People
Hackers tied by multiple reports to China penetrated the U.S. Office of Personnel Management and accessed some of the government’s most sensitive personnel systems, including databases linked to federal employee records and the `e-QIP` security-clearance platform. What was first described in 2014 as a detected intrusion later emerged as one of the most damaging breaches of U.S. government networks: authorities said the attackers compromised records on **22.1 million people**, including current and former federal workers, contractors, applicants, and others connected to background investigations. The stolen data included Social Security numbers, health and financial details, background-investigation forms, and **5.6 million fingerprints**, raising fears that the information could be used to build long-term intelligence dossiers on U.S. personnel. The breach triggered resignations, congressional scrutiny, and years of criticism over OPM’s security failures. OPM Director Katherine Archuleta resigned after the scale of the compromise became clear, and CIO Donna Seymour later stepped down amid pressure from lawmakers and investigators. Reports said the intrusion was discovered during a security product demonstration, while watchdogs accused OPM officials of obstructing parts of the investigation and the Government Accountability Office later found that dozens of recommended fixes remained incomplete years after the attack, including weaknesses around passwords, shared administrative accounts, and contractor oversight.
May 25, 2026
Sensitive Personal Data Exposed in DC Health Link and Doxbin Breaches
DC Health Link and Doxbin were added as sensitive breach incidents after large datasets containing personal information were exposed online. DC Health Link disclosed a breach discovered in March 2023 after data was reportedly posted to a well-known breach forum, exposing about **48,000 unique email addresses** alongside names, genders, dates of birth, home addresses, phone numbers, and **Social Security numbers**; the posting was linked in reporting to **`IntelBroker`**. Doxbin, a doxing website, was also listed for a breach affecting more than **370,000 unique email addresses** after data from January 2022 leaked. The exposed records included account details such as usernames, password hashes, and browser user agents, as well as highly sensitive victim information contained in doxes, including names, physical addresses, and phone numbers. Both incidents were classified as **sensitive**, meaning the compromised data is not publicly searchable through the breach-notification service.
Mar 27, 2026
CMI Management Leak Exposed U.S. Military Base Files in Public Directory
A publicly accessible directory tied to U.S. government contractor **CMI Management Inc.** exposed more than **70,000 files** linked to U.S. military installations and personnel. Reports say the contractor, which provides facility management services to the **U.S. Army**, left records openly available for months through an open directory listing, allowing access to sensitive material including personnel records, contractor documents, maintenance forms, emails, schematics, and photographs taken inside military bases. The leak created risks including **phishing, impersonation, and intelligence gathering** against military facilities and staff. Researcher **Arkadeep Roy** reportedly alerted **CISA** in 2024 after the exposure was identified following a tip to Cybernews, but the files remained accessible as recently as March 2026, underscoring how long-lived misconfigurations at defense contractors can leave operationally sensitive government data exposed.
May 8, 2026