House Democrats Official Online Resume Bank Exposed the PII of Thousands of Government Job Seekers

An anonymous cybersecurity researcher discovered an unencrypted and non-password-protected database containing approximately 7,000 records and reported it to Safety Detectives. Exposed data included names, email addresses, phone numbers, security clearance status or level, and other personal information.
The publicly exposed database was not password-protected or encrypted. It contained 7,028 records marked as “resume bank data” with potentially sensitive applicant information. A reverse DNS search showed that the IP address hosting the documents traced back to a website called DomeWatch.us. According to information posted on House.gov by the Democratic Whip, DomeWatch is the House Democrats’ Official Online Resume Bank. In its Jobs section, DomeWatch posts current openings across Democratic Members’ offices and committees on Capitol Hill as well as related internships or fellowships. Individuals can submit their resumes using either the employment portal (which was created in November 2012) or the official mobile apps for both iOS and Android. The submissions are accessible by Senate Democratic offices.
The registration and technical contacts of the domain were promptly notified of the exposure. Public access to the database was restricted the same day, and it was no longer visible. Later on, they replied with a message that read: “Thanks for flagging”. The About Us section of the website states that resumes remain in the bank for 90 days; once a resume is 3 months old, it is automatically archived. However, nearly all of the exposed records carried timestamps circa 2024-2025. It is unclear whether this was a backup of archived data or something else. It is also unclear why these records appeared to have been kept for longer than the stated storage period.
The records contained fields with information such as: internal ID numbers, application codes, first name, last name, phone number, email address, bio or congress experience, education, military service, security clearance and level, office interest, interest issues, home state, languages, political party affiliation, action tokens, and more. In total, the records listed 469 individuals with “top secret” federal security clearance as well as 4,221 individuals with congress experience. With regard to political affiliation, 6,300 of the individuals listed marked the Democratic Party; 17, the Republican Party; and 265, “Independent” or “Other”. The database also contained weblinks to Google forms and other documents.
According to the description on the Google Play Store: DomeWatch is a product of the Office of Democratic Whip Katherine Clark. It is designed to help House staff, the press, and the public better follow the latest developments from the US House of Representatives Floor. The app uses data from both majorityleader.gov and demcom.house.gov, which is the official intranet for House Democratic staff (available only within the House of Representatives firewall).
Any data exposure of a resume bank that contains potentially sensitive applicant information presents significant cybersecurity and privacy risks. When it comes to social engineering and phishing, the more personally identifiable information is available, the higher the potential success rate of a targeted attack may be. These records pose additional risks because many of these individuals have working or volunteering experience in the government, Congress, political campaigns, or the military. Many of them also have security clearances, language skills, and political party affiliations that may potentially be of interest to malefactors.
In the current political environment, profiling and targeted harassment are notable potential risks. Another serious concern would be adversaries targeting specific individuals with privileged access to government systems, making them potentially high-value targets for espionage, recruitment, or blackmail. This isn’t an assertion that there are any national security risks to this exposure or that the data was ever at risk. These details are only here to provide hypothetical risk scenarios for educational purposes.
According to reports by AP, in July 2025, criminals used AI to create a deepfake of US Secretary of State Marco Rubio and attempted to contact foreign ministers. This raises serious potential concerns of how these individuals could be targeted for AI-assisted social engineering attempts, as many of them are currently (or have been previously) employed by members of Congress.
It is highly recommended that individuals who believe their PII or contact details may have potentially been exposed in any data breach take additional steps to validate job opportunities or suspicious communications. It is a good idea to enable MFA on email and mobile accounts that are associated with the potentially exposed data. Change passwords of affected accounts and never reuse passwords or variants of previously used passwords. For individuals with security clearance, there may be additional requirements to report the potential exposure so the incident is documented and any necessary mitigations can be applied. Strictly communicate through official channels and validate that the person or office is who they claim to be.
It is not known what internal safeguards are in place to protect congressional staff, interns, and volunteers. Hypothetically, these individuals could be potential targets because attackers might believe that their email accounts or contacts could provide policy intelligence, influence campaigns, or access government systems. It is not implied that there was ever any risk to this exposure. It is not known if the data was accessed by anyone else or how long the database was publicly exposed.
No wrongdoing by DomeWatch, or its employees, agents, contractors, affiliates, and/or related entities is implied here. It is not claimed either that any internal, applicant, or user data was ever at imminent risk. This report was published to raise public awareness and help strengthen data protection and cybersecurity practices. The hypothetical data-risk scenarios presented in this report are strictly and exclusively for educational purposes and do not reflect, suggest, or imply any actual compromise of data integrity.
The Safety Detectives’ Cybersecurity Team didn’t get access to the database, which means we could not download, retain, or share any data. This report has been shared with our team by an anonymous cybersecurity researcher. The limited number of redacted screenshots included in this article are used solely for verification and documentation purposes. We disclaim any and all liability arising from the use, interpretation, or reliance on this disclosure. We publish our findings to raise awareness of issues of data security and privacy.
Safety Detectives’ Previous Work
The Safety Detectives research lab is a pro bono service that aims to help the online community defend itself against cyber threats while educating organizations on how to protect their users’ data. The overarching purpose of our web mapping project is to help make the internet a safer place for all users.
Our previous reports have brought multiple high-profile data leaks to light, including 61 million records allegedly belonging to Verizon USA and listed for sale on a well-known hacker’s forum.
Our previous work also includes the discovery of a clear web forum post where a threat actor publicized a database with 10,000 records allegedly belonging to VirtualMacOSX.