Anti-terrorism database World-Check has been leaked online, exposing more than two million records related to individuals and organizations accused of financial and other criminal offenses.
Noted security researcher Chris Vickery first broke the news, claiming that a two-year-old version of the database was being hosted unprotected by a third party.
World-Check aggregates law enforcement records, social media posts, media articles and other sources to provide a list of those suspected of terror and criminal links.
It’s mainly used by banks and government agencies and contains names and dates of birth – so the leak could have been a major privacy snafu.
However, Thompson Reuters – which runs the controversial service – sent the following statement to the BBC:
"We are grateful to Chris Vickery for bringing this to our attention, and immediately took steps to contact the third party responsible – as a result we can confirm that the third party has taken down the information. We have also spoken to the third party to ensure there will be no repetition of this unacceptable incident.”
Security experts were quick to point out the security challenges that surround protecting large data warehouses like this one.
Digital guardian EMEA general manager, Luke Brown, argued that organizations have a duty of care and a legal obligation to protect such data.
"It doesn’t matter if the contents of that data are good, bad or ugly. If you store it, you have to look after it,” he added. “A simple mistake like this can have life-altering effects for those caught in the middle and whilst businesses often recover, it’s the victims that continue to pay the price."
Carbon Black national security strategist, Eric O’Neil, claimed the information could have been devastating if accessed by the wrong parties.
“The information stolen from the World-Check could be used by groups like ISIS to specifically focus their recruitment goals,” he argued. “These are ‘leads’ for Islamic State operatives seeking to recruit individuals to carry out lone-wolf style attacks such as what occurred in Orlando, or more coordinated attacks such as what we saw in Paris or Brussels.”
World-Check has been in the news before after featuring certain individuals incorrectly in its list – leading to their bank accounts being closed without redress.