In yet another case of a security breach, a watchlist of risky individuals and corporate entities owned by Dow Jones has been exposed, after a third party with access to the database left it on a server without a password, according to a report by TechCrunch.
The incident came to light when Bob Diachenko, an independent researcher, found the Amazon Web Services-hosted Elasticsearch database exposing more than 2.4 million records of individuals and personal entities.
The data is the financial leviathan's watchlist database, which is part of its risk and compliance efforts. This is not the first time that such an incident has taken place. Other financial companies like Thomson Reuters have also been at the receiving end of such leaks and have been exposed over the years.
According to a brochure dated 2010, the watchlist allows customers to “easily and accurately identify high-risk clients with detailed, up-to-date profiles on any individual or company in the database.”
The data includes politicians, individuals or companies under sanction or anyone with links to terrorism. The names on the list include ‘Special Interest Persons’ according to the document seen by TechCrunch.
The data has been curated from public sources, and many individual records were sourced from Dow Jones’ Factiva news archive.
As per the report by TechCrunch, the records vary wildly and include names, addresses, cities and locations, as well as whether the person is deceased or not.
One such name found on the watchlist that might intrigue many is that of Badruddin Haqqani, commander of the Haqqani guerilla insurgent network in Afghanistan. He was killed in an air strike in Pakistan months later.
Speaking about the data leak, Dow Jones spokesperson Sophie Bent said: “This dataset is part of our risk and compliance feed product, which is entirely derived from publicly available sources.” She added that the leak happened because of an authorized third party but refused to divulge the details.
It is not the first time that Dow Jones has been at the center of the storm. Two years ago, Dow Jones admitted to a similar cloud storage misconfiguration that exposed the names of nearly 2.2 million customers.