Dow Jones Risk Screening Watchlist Exposed Publicly in a Major Data Breach

On Feb 22, 2019, I found a copy of the Dow Jones Watchlist dataset sitting on a public Elasticsearch cluster, 4.4GB in size and available to anyone who knew where to look (hint: any public IoT search engine, such as BinaryEdge).

“Used by eight of the world’s ten largest, global, financial institutions Dow Jones Watchlist is statistically proven to be the most accurate, complete, and up-to-date list of senior PEPs (politically exposed persons), their relatives and close associates”.

The database I discovered contained an astonishing 2,418,862 records detailing:

  • global coverage of senior Politically Exposed Persons, their relatives, close associates, and the companies they are linked to
  • national and international government sanction lists and categories
  • persons officially linked to, or convicted of, high-profile crime
  • profile notes from Dow Jones, including citations of federal agencies and law enforcement sources

In other words, it contained the identities of government officials, politicians and people of political influence in every country of the world. The data is designed to help identify risks when researching an individual and to support efficient due diligence. Obviously, banks use Watchlist data to identify money laundering and illicit payments through key information about a public figure’s identity.

Every record named one or more lists on which the individual had been placed:

  • Politically Exposed Person (PEP)
  • Special Interest Person (SIP) or Special Interest Entity (SIE)

“Doing business with the wrong person just once can result in steep financial penalties for your organization and legal proceedings against key executives. The ensuing scandal can cause irreparable damage to your corporate reputation”.

– quote from the Dow Jones sales brochure.

After I reached out to the Dow Jones security incident response team on the same day the instance was discovered, the database was taken down, with the following statement:

This data is entirely derived from publicly available sources. At this time our review suggests this resulted from an authorized third party’s misconfiguration of an AWS server, and the data is no longer available.

Publicly revealing the database beyond the aforementioned leak could be reckless: the Watchlist database contains sensitive information on citizens regarding their alleged criminal histories and possible terrorist links.

Let’s face it: we live in the age of Big Data, where we are probably going to be on a list someday, but let’s hope that list is not leaked online or publicly available. Big Data and “data mining” in this case allow Watchlist’s users to have a far better understanding of information and research than a simple Google search can provide.

Dow Jones Watchlist is an online research database which aggregates licensed and publicly available news, magazines, blogs, etc. from across the globe, but they also have a research team that updates these names and connections.

The information is then indexed, tagged and made searchable.

What makes this data so much more valuable is the focus on premium and reputable sources. In the age of fake news and social engineering online, it is easy to see how valuable this type of information would be to companies, governments, or individuals.

About the author and security researcher:

Bob Diachenko has over 12 years of experience working in corporate/product/internal communications with a strong focus on infosecurity, IT and technology. In the past Bob has worked with top tier media, government agencies, and law enforcement to help secure exposed data. Follow Bob on Twitter and his blog on LinkedIn. Email: bob@securitydiscovery.com

About the Author

Bob Diachenko
I'm Bob Diachenko, Cyber Threat Intelligence Director and journalist at SecurityDiscovery.com. My goal is to help protect data on the Internet by identifying data leaks and following responsible disclosure policies. Our mission is to make the cyber world safer by educating businesses and communities worldwide. Many of my discoveries have been covered in major news and technology media, earning me a reputation as one of the reputable data security analysts. Contact me: bob(at)securitydiscovery.com