The database dates back to mid-2014, and it contains names, dates, places of birth, and other sensitive information, which is collected from law enforcement records, political information, articles, blog posts, and social media, among other sources.
A smaller category of about 93,000 individuals thought to be involved in terrorism is also said to be in the database.
Access to the database is restricted to vetted individuals under strict European data protection laws.
A spokesperson for the company confirmed the security lapse has been plugged.
"Thomson Reuters was yesterday alerted to out-of-date information from the World-Check database that had been exposed by a third party. We are grateful to Chris Vickery for bringing this to our attention and immediately took steps to contact the third party responsible. As a result, we can confirm that the third party has taken down the information. We have also spoken to the third party to ensure there will be no repetition of this unacceptable incident," said the spokesperson.
Many banks and law firms use the database to help "minimize ... risk of complicity in terrorist financing or money laundering," according to an investigation by Vice News.
Vickery has not yet publicly released the data, however, given its sensitivity.