Skip to main content
https://www.highperformancecpmgate.com/rgeesizw1?key=a9d7b2ab045c91688419e8e18a006621

Dow Jones’ watchlist of 2.4 million high-risk individuals has leaked

A watchlist of risky individuals and corporate entities owned by Dow Jones has been exposed, after a company with access to the database left it on a server without a password.

Bob Diachenko, an independent security researcher, found the Amazon Web Services-hosted Elasticsearch database exposing more than 2.4 million records of individuals or business entities.

The data, since secured, is the financial giant’s Watchlist database, which companies use as part of their risk and compliance efforts. Other financial companies, like Thomson Reuters, have their own databases of high-risk clients, politically exposed persons and terrorists — but have also been exposed over the years through separate security lapses.

A 2010-dated brochure billed the Dow Jones Watchlist as allowing customers to “easily and accurately identify high-risk clients with detailed, up-to-date profiles” on any individual or company in the database. At the time, the database had 650,000 entries, the brochure said.

That includes current and former politicians, individuals or companies under sanctions or convicted of high-profile financial crimes such as fraud, or anyone with links to terrorism. Many of those on the list include “special interest persons,” according to the records in the exposed database seen by TechCrunch.

Diachenko, who wrote up his findings, said the database was “indexed, tagged and searchable.”

From a 2010-dated brochure of Dow Jones’ Watchlist, which at the time had 650,000 names of individuals and entities. The exposed database had 2.4 million records. (Screenshot: TechCrunch)

Many financial institutions and government agencies use the database to approve or deny financing, or even in the shuttering of bank accounts, the BBC previously reported. Others have reported that it can take little or weak evidence to land someone on the watchlists.

The data is all collected from public sources, such as news articles and government filings. Many of the individual records were sourced from Dow Jones’ Factiva news archive, which ingests data from many news sources — including the Dow Jones-owned The Wall Street Journal.

But the very existence of a name, or the reason why a name exists in the database, is proprietary and closely guarded.

The records we saw vary wildly, but can include names, addresses, cities and their location, whether they are deceased or not and, in some cases, photographs. Diachenko also found dates of birth and genders. Each profile had extensive notes collected from Factiva and other sources.

One name found at random was Badruddin Haqqani, a commander in the Haqqani guerilla insurgent network in Afghanistan affiliated with the Taliban. In 2012, the U.S. Treasury imposed sanctions on Haqqani and others for their involvement in financing terrorism. He was killed in a U.S. drone strike in Pakistan months later.

The database record on Haqqani, who was categorized under “sanctions list” and terror,” included (and condensed for clarity):

DOW JONES NOTES:
Killed in Pakistan's North Waziristan tribal area on 21-Aug-2012.

OFFICE OF FOREIGN ASSETS CONTROL (OFAC) NOTES:

Eye Color Brown; Hair Color Brown; Individual's Primary Language Pashto; Operational Commander of the Haqqani Network

EU NOTES:

Additional information from the narrative summary of reasons for listing provided by the Sanctions Committee:

Badruddin Haqqani is the operational commander for the Haqqani Network, a Taliban-affiliated group of militants that operates from North Waziristan Agency in the Federally Administered Tribal Areas of Pakistan. The Haqqani Network has been at the forefront of insurgent activity in Afghanistan, responsible for many high-profile attacks. The Haqqani Network's leadership consists of the three eldest sons of its founder Jalaluddin Haqqani, who joined Mullah Mohammed Omar's Taliban regime in the mid-1990s. Badruddin is the son of Jalaluddin and brother to Nasiruddin Haqqani and Sirajuddin Haqqani, as well as nephew of Khalil Ahmed Haqqani.

Badruddin helps lead Taliban associated insurgents and foreign fighters in attacks against targets in south- eastern Afghanistan. Badruddin sits on the Miram Shah shura of the Taliban, which has authority over Haqqani Network activities.

Badruddin is also believed to be in charge of kidnappings for the Haqqani Network. He has been responsible for the kidnapping of numerous Afghans and foreign nationals in the Afghanistan-Pakistan border region.

UN NOTES:

Other information: Operational commander of the Haqqani Network and member of the Taliban shura in Miram Shah. Has helped lead attacks against targets in southeastern Afghanistan. Son of Jalaluddin Haqqani (TI.H.40.01.). Brother of Sirajuddin Jallaloudine Haqqani (TI.H.144.07.) and Nasiruddin Haqqani (TI.H.146.10.). Nephew of Khalil Ahmed Haqqani (TI.H.150.11.). Reportedly deceased in late August 2012.

FEDERAL FINANCIAL MONITORING SERVICES NOTES:

Entities and individuals against whom there is evidence of involvement in terrorism.

Dow Jones spokesperson Sophie Bent said: “This dataset is part of our risk and compliance feed product, which is entirely derived from publicly available sources. At this time our review suggests this resulted from an authorized third party’s misconfiguration of an AWS server, and the data is no longer available.”

We asked Dow Jones specific questions, such as who the source of the data leak was and if the exposure would be reported to U.S. regulators and European data protection authorities, but the company would not comment on the record.

Two years ago, Dow Jones admitted a similar cloud storage misconfiguration exposed the names and contact information of 2.2 million customers, including subscribers of The Wall Street Journal. The company described the event as an “error.”

Comments

Popular posts from this blog

Uber co-founder Garrett Camp steps back from board director role

Uber co-founder Garrett Camp is relinquishing his role as a board director and switching to board observer — where he says he’ll focus on product strategy for the ride hailing giant. Camp made the announcement in a short Medium post in which he writes of his decade at Uber: “I’ve learned a lot, and realized that I’m most helpful when focused on product strategy & design, and this is where I’d like to focus going forward.” “I will continue to work with Dara [Khosrowshahi, Uber CEO] and the product and technology leadership teams to brainstorm new ideas, iterate on plans and designs, and continue to innovate at scale,” he adds. “We have a strong and diverse team in place, and I’m confident everyone will navigate well during these turbulent times.” The Canadian billionaire entrepreneur signs off by saying he’s looking forward to helping Uber “brainstorm the next big idea”. Camp hasn’t been short of ideas over his career in tech. He’s the co-founder of the web 2.0 recommendatio...

Leading VCs discuss how COVID-19 has impacted the world of digital health

In December 2019, Extra Crunch spoke to a group of investors leading the charge in health tech to discuss where they saw the most opportunity in the space leading into 2020 . At the time, respondents highlighted startups in digital therapeutics, telehealth and mental health that were improving medical practitioner efficiency or streamlining the distribution of care, amongst a variety of other digital health markets that were garnering the most attention. Where top VCs are investing in digital health In the months since, the COVID-19 crisis has debilitated national healthcare systems and the global economy. Weaknesses in healthcare systems have become clearer than ever, while startups and capital providers have struggled to operate while wide swaths of the market effectively shut down. Given significant volatility and the rapid changes seen in the worlds of healthcare, venture and startups broadly, we wanted to understand which inefficiencies might have been brought to light, w...

News-reading app Flipboard expands local coverage, including coronavirus updates, to 12 more U.S. metros

Earlier this year, personalized news aggregation app Flipboard expanded into local news . The feature brought local news, sports, real estate, weather, transportation news and more to 23 cities across the U.S. Today, Flipboard is bringing local news to 12 more U.S. metros and is adding critical coronavirus local coverage to all of the 35 supported locales. The 12 new metros include the following:  Baltimore, Charlotte, Cleveland, Detroit, Indianapolis, Nashville, Pittsburgh, Orlando, Raleigh, Salt Lake City, St. Louis, and Tampa Bay. They join the 23 cities that were already supported:  Atlanta, Austin, Boston, Chicago, Dallas, Denver, Houston, Las Vegas, Los Angeles, Miami, Minneapolis-St. Paul, New Orleans, New York City, Philadelphia, Phoenix, Portland, Sacramento, San Diego, San Francisco Bay Area, Seattle, Toronto, Vancouver and Washington, D.C. To offer local news in its app, Flipboard works with area partners, big and small, like The Plain Dealer’s Cleveland.com , ...