A database containing the names of people suspected to be involved in terrorism and organized crime has been obtained by a white hat hacker who is pondering whether to make the data public. The records belong to World-Check Risk Screening, a division of Thomson Reuters.
World-Check helps clients screen for heightened-risk individuals and entities globally to help uncover hidden risks in business relationships and human networks, according to the company. That includes details about people and organizations suspected to be involved in money laundering, organized crime and terrorism.
Thomson Reuters confirmed this week that an out-of-date version of the database was exposed by an unnamed third party. The leak was discovered by a security researcher named Chris Vickery, who notified The Register. Thomas Reuters has since removed the material, according to reports.
That news outlet reported that the database contained more than 2 million records and was about two years old. Vickery told the Reddit discussion board that the database wasn?EU?t protected, and that he gained access to it without a username or password.
The database was unprotected and was not hosted directly by the company, according to Thomson Reuters. The company said that the World-Check subsidiary aggregates financial crime data from the public domain, including official sanctions data, to help clients meet their regulatory responsibilities.
Other sources of information used to collate the database include local law enforcement records, social media posts, political Web sites and articles published in media outlets and on personal blogs.
“We are grateful to Chris Vickery for bringing this to our attention, and immediately took steps to contact the third party responsible — as a result we can confirm that the third party has taken down the information. We have also spoken to the third party to ensure there will be no repetition of…