A database of heightened-risk individuals and organizations, some of which are thought to be involved in financial crime, corruption, and terrorism, has leaked.
The so-called World-Check Risk Screening database contains 2.2 million names of people and companies, according to Chris Vickery, a security researcher at MacKeeper, who said on a Reddit thread that he acquired the database.
The database dates back to mid-2014, and it contains names, dates, places of birth, and other sensitive information, which is collected from law enforcement records, political information, articles, blog posts, and social media, among other sources.
A smaller category of about 93,000 individuals thought to be involved in terrorism is also said to be in the database.
Access to the database is restricted to vetted individuals under strict European data protection laws.
Financial and information giant Thomson Reuters, which acquired the company for $530 million in 2011, admitted the database had been leaked, but the database is not thought to have come from Thomson Reuters' servers.
A spokesperson for the company confirmed the security lapse has been plugged.
"Thomson Reuters was yesterday alerted to out-of-date information from the World-Check database that had been exposed by a third party. We are grateful to Chris Vickery for bringing this to our attention and immediately took steps to contact the third party responsible. As a result, we can confirm that the third party has taken down the information. We have also spoken to the third party to ensure there will be no repetition of this unacceptable incident," said the spokesperson.
Many banks and law firms use the database to help "minimize ... risk of complicity in terrorist financing or money laundering," according to an investigation by Vice News.
Vickery has not yet publicly released the data, however, given its sensitivity.
Vickery is known for his security work, including when he revealed the exposure of millions of Mexican voters, over 191 million US voters, and over three million Kello Kitty fans' data. He also discovered the exposure of 13 million MacKeeper user accounts. MacKeeper fixed the flaw and later hired the researcher.