2 April 2024

OWASP Foundation discloses data breach due to Wiki web server misconfiguration



OWASP Foundation, a US-based non-profit organization that supports the OWASP (The Open Worldwide Application Security Project) infrastructure and projects, has disclosed a security incident that affected member resumes.

The data breach, which occurred in late February 2024, was caused by a misconfiguration of OWASP’s old Wiki web server. The incident impacted the personally identifiable information (PII) of OWASP members from 2006 to around 2014 who provided their resumes as part of joining OWASP.

The affected data includes names, email addresses, phone numbers, physical addresses and other personal information, the foundation said in a short data breach notice.

In response to the breach, OWASP disabled directory browsing, reviewed the web server and MediaWiki configuration for other security issues, removed the resumes from the wiki site altogether, and cleared the Cloudflare cache to prevent further access. It has also requested that the information be deleted from the Web Archive.

OWASP said it “collected resumes as part of the early membership process, whereby members were required in the 2006 to 2014 era to show a connection to the OWASP community.” The organization said that it no longer collects resumes as part of the membership process.
