A controversial global database used by numerous banks, governments, and intelligence agencies to identify suspected terrorists and criminals has reportedly leaked online.
The mid-2014 version of the World-Check Risk Screening database contains details of individuals and organizations suspected of having some involvement with terrorism, organized crime, money laundering, and many other offenses. The 2.2 million records are used by 49 of the world’s 50 largest banks, along with governments and various agencies, for screening purposes.
While database creator Thomson Reuters aggregates the information using information available to the public, European privacy laws mean access is restricted to vetted clients. The service is said to have over 6000 customers in 170 countries.
“We monitor over 530 sanction, watch and regulatory law and enforcement lists, and hundreds of thousands of information sources, often identifying heightened-risk entities months or years before they are listed. In fact, in 2012 alone we identified more than 180 entities before they appeared on the US Treasury Office of Foreign Assets Control (OFAC) list based on reputable sources identifying relevant risks,” states the Thomson Reuters website.
The discovery was made by security researcher Chris Vickery, who has uncovered a number of other online leaks including the Hello Kitty breach, both the Mexican and US voter database dumps, and the beautifulpeople.com dating site leak.
"There was no protection at all. No username or password required to see the records," Vickery told the BBC. "I want to be clear that this unprotected database was not directly hosted by Thomson Reuters itself."
World-Check has courted controversy for including individuals and groups on its database that have no connection to crime. Vice News found it has been known to list charities, activists, and religious institutions as terrorists.
"The worst possible situation that could arise is that someone who may be innocent, but accused of criminal activity in the database, could be permanently branded on a global scale if this database were to be spread publicly," added Vickery.
A spokesperson said an unnamed third-party was responsible for leaking the “out of date” information, and the company was working to secure the data.
Thomson Reuters was yesterday alerted to out of date information from the World-Check database that has been exposed by a third party. We are grateful to Chris Vickery for bringing this to our attention, are doing our utmost to secure the information, and are contacting the third party direct as a matter of urgency. World-Check aggregates financial crime data from the public domain, including official sanctions data, to help clients meet their regulatory responsibilities