Terror-suspect database leaked online
30 Jun 2016
At least one non-authorised person had accessed sensitive information following the leak of global counter-terrorism database World-Check, owned by Thomson Reuters.
According to Chris Vickery, a security researcher at the software company MacKeeper, a copy of the World-Check database from mid-2014 had come into his possession. He posted about the development on Reddit.
''No hacking was involved in my acquisition of this data,'' Vickery pointed out. ''I would call it more of a leak than anything, although not directly from Thomson Reuters.''
According to Vickery, the database was a 2.2 million-record copy of ''heightened-risk individuals and organizations.''
''We monitor over 530 sanction, watch and regulatory law and enforcement lists, and hundreds of thousands of information sources, often identifying heightened-risk entities months or years before they are listed,'' Thomson Reuters explains on its website.
According to Reuters, World-Check was updated by over 350 research analysts based in 11 research centres across five continents.
Confirming the leak to TechCrunch, Thomson Reuters spokesperson David Crundwell said it was due to - as Vickery said - a ''third party.''
''Thomson Reuters was yesterday alerted to out-of-date information from the World-Check database that had been exposed by a third party,'' the company said in a statement. ''We are grateful to Chris Vickery for bringing this to our attention, and immediately took steps to contact the third party responsible. As a result, we can confirm that the third party has taken down the information. We have also spoken to the third party to ensure there will be no repetition of this unacceptable incident.''
The database, is used by banks, governments and intelligence agencies to screen people for criminal ties and links to terrorism.
Vickery had earlier exposed database leaks related to Mexican voters, a Hello Kitty online fan community and medical records.
Only a small part of the data related to terrorism suspects, but there are other categories including individuals with ties to money laundering, organised crime, corruption and others.
Vickery has asked Reddit users whether the database should leaked to the public. Vickery is concerned that innocent people might have been placed in the list.