Site icon Sophos News

Database of 2.2m suspected terrorists, money launderers leaked online

A database that classifies people, major charities, activists, and mainstream religious institutions as potential terrorists or money launderers was found available to anybody who knew where to look online, with no credentials needed to access it.

The mid-2014 copy of Thomson Reuters’ World-Check confidential intelligence database was likely posted by one of the company’s customers.

MacKeeper security researcher Chris Vickery, who on Tuesday posted about his find on Reddit, said it hadn’t come directly from Thomson Reuters:

No hacking was involved in my acquisition of this data. I would call it more of a leak than anything, although not directly from Thomson Reuters. The exact details behind that can be shared at a later time.

On Wednesday, David Crundwell, a spokesperson for Thomson Reuters, sent out this statement:

“Thomson Reuters was yesterday alerted to the fact that out of date information from the World-Check database had been exposed by a third party. We are grateful to Chris Vickery for bringing this to our attention, and have acted with the utmost urgency to contact the third party concerned—with whom we are now in contact in order to secure the information.”

It sounds similar to another recent Vickery discovery. In late June, he found a database, containing 154 million US voter registration records, leaking information on a dizzying array of intimate details, including gun ownership. Vickery believed it was likely leaked by a purchaser hosting it in an insecure manner.

The database in this week’s leak, World-Check, is a global database of “heightened-risk individuals.”

According to Vice, it’s used by over 300 government and intelligence agencies, pre-employment vetting agencies, 49 of the 50 biggest banks, and 9 of the top 10 global law firms.

In an investigation published in February, Vice found that the database has grown “dramatically” since its founding in 1999. The number of entries in its “terrorism” category has grown five-fold since 2007, to over 93,000. As of February, the list contained 2.7 million individuals and entities.

As Vice noted, banks and law enforcement agencies find this “risk data” vital. Particularly after the US fined HSBC $1.9 billion after a Senate investigation found that the bank had served as a channel for “drug kingpins and rogue nations”.

The terrorism category is only a small part of the database of “heightened-risk” individuals and organizations, Vickery noted. It also categorizes individuals suspected of being related to money laundering, organized crime, bribery, corruption, and other illegal activities.

Motherboard reviewed a copy of the exposed World-Check database and found that it contains over 2,240,000 entries, including the categories “political individual,” “corporate,” “military,” and “crime—narcotics.”

World-Check says that the list is sourced from the public domain, including sanction, watch, regulatory and law enforcement lists, as well as local and international government records.

Exit mobile version