Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Thomson Reuters Terrorism Database Leaked Online

An online database containing the names of 2.2 million heightened risk individuals and organizations was left unprotected and downloaded by a security researcher who has considered making the information public.

An online database containing the names of 2.2 million heightened risk individuals and organizations was left unprotected and downloaded by a security researcher who has considered making the information public.

Over the past months, researcher Chris Vickery has identified many misconfigured databases that exposed hundreds of millions of user records online. Earlier this week, the expert revealed that he discovered an older copy of Thomson Reuters’ controversial World-Check database.

World-Check is a global risk intelligence database that financial institutions, governments, law enforcement and intelligence agencies can use to “uncover hidden risks in business relationships and human networks.”

The database, compiled based on publicly available information by over 350 research analysts, covers financial crimes, terrorism, sanctions, organized crime, and politically exposed persons. Thomson Reuters says only vetted entities are given access to World-Check.

The terrorism section of the database is the most controversial as it has been found to include important charities and religious institutions. While Thomson Reuters has advised customers not to rely solely on this data when making a decision, many people have been concerned about its impact on individuals and organizations.

Vickery discovered that a third party left an unsecured copy of the database online. The copy he accessed and downloaded is from mid-2014 and includes the names of 2.2 million people and organizations. The researcher discussed his findings on Reddit, where he asked users if he should make the information public.

“No hacking was involved in my acquisition of this data. I would call it more of a leak than anything, although not directly from Thomson Reuters. The exact details behind that can be shared at a later time,” Vickery said.

The expert notified Thomson Reuters about the unprotected database and the mass media giant ensured that the third party responsible for the leak addressed the issue.

Advertisement. Scroll to continue reading.

This was not the first time Vickery found an exposed database storing a large number of records. In December 2015, the researcher discovered some databases containing information on hundreds of millions of U.S. voters.

Related: Misconfigured Database Exposed Microsoft Site to Attacks

Related: Database of California Electric Utility Exposed Online

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

Merlin Ventures has appointed cybersecurity executive Andrew Smeaton as the firm’s CISO-in-Residence.

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

More People On The Move

Expert Insights