Security researcher reports data leak of US House Democrats' DomeWatch Resume Bank exposing data of over 7,000 job applicants
A security researcher is reporting that the US House Democrats' Official Online Resume Bank, known as DomeWatch, left sensitive personal information of job applicants publicly exposed on the internet.
The researcher requested to remain anonymous. The exposed database contained information on more than 7,000 individuals who had applied for jobs, internships, or fellowships with Democratic Members' offices and committees in the United States House of Representatives over the past two years.
Among the more than 7,000 exposed records, approximately 450 individuals held "top secret" United States government security clearances. The database functioned as an internal index of people who had applied for positions with House Democrats, containing details typical of a job application process. Security experts have characterized this data as a potential "gold mine" from the perspective of foreign adversaries or hostile states seeking to target government or military staffers with access to sensitive information.
The exposed data included:
- Names
- Phone numbers
- Email addresses
- Short written biographies
- Military service information
- Security clearance status and levels
- Languages spoken
- Internal identification numbers
- Political party affiliations
- Weblinks to Google Forms and other shared documents stored in cloud systems
- A file marked as a "master key" that could potentially be used to decrypt protected data such as API tokens
Political affiliation data revealed that 6,300 individuals were listed as having Democratic Party affiliation, while only 17 were listed as having Republican Party affiliation, and approximately 265 were listed as independent or other. Interestingly, most records contained timestamps from 2024-2025, which appears inconsistent with the DomeWatch website's stated policy of keeping resumes for only 90 days before archiving them.
The researcher notified the registration and technical contacts of the domain on September 30, and the database was secured within hours. The response from the office was brief, simply stating "Thanks for flagging." It remains unclear how long the data was exposed before it was detected or whether any unauthorized parties accessed the information while it was unsecured.
Joy Lee, spokesperson for House Democratic Whip Katherine Clark, whose office oversees DomeWatch, stated that they were informed of the potential exposure by an outside vendor and immediately alerted the Office of the Chief Administrative Officer, launching an investigation to identify and rectify security vulnerabilities. The outside vendor was identified as an independent consultant who assists with the backend operations of DomeWatch.