DomeWatch Leak Exposed Personal Data of Capitol Hill Applicants

Personal details of thousands of Americans seeking jobs on Capitol Hill were left publicly exposed due to an unsecured online database belonging to the House Democrats’ Official Online Resume Bank, known as DomeWatch.us.

The security lapse was brought to light by the research firm Safety Detectives, after an anonymous cybersecurity researcher reported to them about an “unencrypted and non-password-protected database,” containing over 7,000 records of applicants.

****Sensitive Information at Risk****

The breach, reported on October 27, 2025, revealed a troubling amount of data on individuals applying for jobs, internships, or fellowships with Democratic Members’ offices and committees.

The exposed data includes Personally Identifiable Information (PII) like names, phone numbers, email addresses, and even security clearance status or level, which significantly increases the risk of fraud and targeted attacks. Further probing revealed that the records also included an applicant’s political party affiliation, home state, military service, and “bio or congress experience.”

Moreover, the database contained fields indicating 469 individuals with “top secret” federal security clearance. Analysis of the political data showed a clear majority, with 6,300 individuals listing the Democratic Party, compared to only 17 for the Republican Party and 265 for Independent or Other.

The exposed data also included weblinks leading to Google forms and other shared documents. Interestingly, most records had timestamps from 2024–2025. This is confusing because the DomeWatch website states that resumes are only kept for 90 days before being archived.

****Swift Action and Future Concerns****

The data exposure, as per Safety Detective’s blog post, was brought to the attention of the registration and technical contacts of the domain by the Safety Detectives team, and public access to the database was restricted the very same day. The contacts replied with a brief message: “Thanks for flagging.”

Still, this kind of exposure poses a serious threat. Since many of the affected individuals have experience in the military or government, they could become targets for criminals who use this detailed information for a wide range of threats like impersonation or highly specific phishing scams.

As we know already, with the rise of AI-powered tools like deepfake audio generators, criminals could use this personal data for social engineering attacks, and easily trick people who may have access to government systems.

The research, which was shared with Hackread.com, did not imply any wrongdoing by DomeWatch, but was published to raise public awareness about the need for better data protection.