Another Gov't (maybe) Breach



  • https://gizmodo.com/thousands-of-job-applicants-citing-top-secret-us-govern-1798733354

    With essentially unlimited resources how are these contractors this bad?

    “At no time was there ever a data breach of any TigerSwan server,” the firm said. “All resume files in TigerSwan’s possession are secure. We take seriously the failure of TalentPen to ensure the security of this information and regret any inconvenience or exposure our former recruiting vendor may have caused these applicants. TigerSwan is currently exploring all recourse and options available to us and those who submitted a resume.”

    TalentPen could not be immediately reached for comment and Gizmodo could not independently confirm the company’s involvement. During conversations with Gizmodo, TigerSwan repeatedly refused to provide any documentation showing TalentPen was at fault.

    Oh yeah I believe you. It's the other guy's fault, but we won't show you any evidence it was....



  • When you hire the lowest bidder in a market segment with no pride in their work, the number of resources isn't really a factor.



  • Is it really a gov't breach, though? Looks like some random third party resume collection vendor.



  • @scottalanmiller said in Another Gov't Breach:

    Is it really a gov't breach, though? Looks like some random third party resume collection vendor.

    Well they're a govt contractor and the data was resumes of still active military people. It's not truly a govt breach I guess. I've been reading some more about it.

    Apparently it was the subcontractor that screwed up. However if it's your sub, that means it's your fault. It sounds kind of weird though. They used a limited life key for access to the S3 bucket and it expired but they never removed the bucket. I have a feeling after the key expires the bucket doesn't just become public....

    http://www.tigerswan.com/newsroom/statement-information-breach-talentpen-llcs-cloud-file-hosted-amazon-web-services/



  • @scottalanmiller said in Another Gov't Breach:

    When you hire the lowest bidder in a market segment with no pride in their work, the number of resources isn't really a factor.

    I'm just trying to understand from my experience with this. Money is thrown at things, not people. Very expensive things are purchased and sometimes never used and just sit there. But they can't "afford" to pay for real talent.

    That's what I meant with unlimited resources. Again only in my experience, the money is thrown in the most incorrect place possible.



  • @stacksofplates said in Another Gov't (maybe) Breach:

    @scottalanmiller said in Another Gov't Breach:

    When you hire the lowest bidder in a market segment with no pride in their work, the number of resources isn't really a factor.

    I'm just trying to understand from my experience with this. Money is thrown at things, not people. Very expensive things are purchased and sometimes never used and just sit there. But they can't "afford" to pay for real talent.

    That's what I meant with unlimited resources. Again only in my experience, the money is thrown in the most incorrect place possible.

    I'm seeing this all the time, everywhere right now.