Texas Right to Life Data Breach: Resumes of Job Applicants Exposed

Data Breach at Texas Right to Life Exposes Applicant Information

Texas Right to Life, an anti-abortion organization, experienced a data security incident. The personal details of hundreds of job applicants were inadvertently made public.

Unprotected Resumes Accessible Online

A security vulnerability on the organization’s website allowed unrestricted access to a directory containing applicant resumes. This directory was not adequately secured, exposing sensitive information.

The exposed files encompassed resumes from over 300 individuals. These documents contained personally identifiable information, including names, phone numbers, addresses, and employment histories.

Swift Remediation of the Security Flaw

The website flaw was addressed promptly over the weekend following reports circulating on Twitter. Currently, the exposed files are no longer available on the website.

Organization's Response to the Incident

Kimberlyn Schwartz, a spokesperson for Texas Right to Life, stated that the organization is “taking action to protect the concerned individuals.” This refers to those who accessed and disseminated the leaked information.

However, when questioned, Schwartz did not confirm whether the organization intends to directly notify individuals whose personal data was compromised due to the security lapse.

Context: Controversial Whistleblower Website

This incident occurred shortly after Texas Right to Life launched a controversial “whistleblower” website. The site encouraged residents of Texas to report suspected violations of the state’s restrictive abortion law.

The new law permits private citizens to sue individuals seeking abortions, or those who assist them, after a gestational age of six weeks.

Website Targeted with Disruptive Submissions

The “whistleblower” website quickly became a target for protest. It was inundated with fabricated reports, internet memes, and inappropriate content.

The site experienced temporary downtime on Thursday, coinciding with the release of an iOS shortcut designed to automate the submission of false information.

Hosting Issues and Subsequent Website Redirection

GoDaddy, the initial hosting provider, terminated service to Texas Right to Life, citing violations of its terms of service. The organization was given 24 hours to secure alternative hosting.

A brief attempt was made to utilize Epik, a web host known for supporting controversial platforms, but this arrangement was also short-lived.

As of Monday, the “whistleblower” website now redirects to Texas Right to Life’s primary website.