A financial crime database used by banks has been “leaked” on to the net.
World-Check Risk Screening contains details about people and organisations suspected of being involved in terrorism, organised crime and money laundering, among other offences.
Access is supposed to be restricted under European privacy laws.
The database’s creator, Thomson Reuters, has confirmed an unnamed third-party exposed an “out of date” version online.
But it says the material has since been removed.
Security researcher Chris Vickery said he discovered the leak. He notified the Register, which reported that it contained more than two million records and was two years old.
“There was no protection at all. No username or password required to see the records,” Mr Vickery told the BBC.
“I want to be clear that this unprotected database was not directly hosted by Thomson Reuters itself.”
A spokesman for the financial data provider said it was trying to tackle the problem.
“We are grateful to Chris Vickery for bringing this to our attention, and immediately took steps to contact the third party responsible – as a result we can confirm that the third party has taken down the information. We have also spoken to the third party to ensure there will be no repetition of this unacceptable incident,” David Crundwell said.
“World-Check aggregates financial crime data from the public domain, including official sanctions data, to help clients meet their regulatory responsibilities.”
Other sources of information used to collate the database include :
- local law enforcement records
- political websites
- articles published in the press and on personal blogs
- social media posts
Individuals’ dates and places of birth are also listed, in order to help banks check they are looking into the right people.