Dow Jones Risk Screening Watchlist Exposed Publicly in a Major Data Breach

Bob Diachenko reports:

On Feb 22 2019, I found a copy of the Dow Jones Watchlist dataset, sitting on a public Elasticsearch cluster 4.4GB in size and available for public access to anyone who knew where to look (hint: any public IoT search engine, such as BinaryEdge).

“Used by eight of the world’s ten largest, global, financial institutions Dow Jones Watchlist is statistically proven to be the most accurate, complete, and up-to-date list of senior PEPs (politically exposed persons), their relatives and close associates”.

The database I discovered contained an astonishing 2,418,862 records detailing:

  • global coverage of senior Politically Expose Persons, their relatives, close associates, and the companies they are linked to.
  • national and international government sanction lists and categories
  • persons officially linked to, or convicted of, high-profile crime
  • profile notes from Dow Jones including citing Federal agencies and law enforcement sources.

In other words, it contained the identities of government officials, politicians and people of political influence in every country of the world.

Read more on Security Discovery.   Also read Zack Whittaker’s coverage on TechCrunch.

About the author: Dissent