2.2 Million Sensitive Records Leaked
A mid-2014 database that contained 2.2 million records of individuals with suspected ties to terrorism, organized crime, money laundering, bribery, and corruption links has been leaked.
The source of the leak is from World-Check, a database of politically exposed persons and heightened risk individuals and organizations created to help banks avoid aiding terrorists. World-Check falls under the umbrella of parent company, Thomson Reuters, which is a major multinational mass media and information firm founded in Toronto. According Reuters, World-Check is used by over 300 government and intelligence agencies, 49 of the 50 largest global banks, and 9 of the 10 top international law firms.
Security researcher, Chris Vickery, is the one who claims to have discovered the database leak. He posted his findings to Reddit and also reached out to World-Check and Reuters. “No hacking was involved in my acquisition of this data. I would call it more of a leak than anything, although not directly from Thomson Reuters. The exact details behind that can be shared at a later time.” Vickery also reached out to the BBC, stating that “There was no protection at all. No username or password required to see the records.”
It is important to note, that while Thomson Reuters is the leader in this industry – they are not the only company gathering information and compiling a database of this nature. Reuters also reached out to the BBC in a statement from David Crudwell, Reuters Head of Corporate Affairs. “We are grateful to Chris Vickery for bringing this to our attention, and immediately took steps to contact the third party responsible – as a result we can confirm that the third party has taken down the information. We have also spoken to the third party to ensure there will be no repetition of this unacceptable incident.”
Vickery also commented on his Reddit, that “The worst possible situation that could arise is that someone who may be innocent, but accused of criminal activity in the database, could be permanently branded on a global scale if this database were to be spread publicly.”
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.