A proprietary watchlist of 2.4M risky individuals and corporate entities owned by Dow Jones has been exposed, after a third-party company with access left it on an AWS-hosted Elasticsearch database without a password. The indexed, tagged and searchable list includes current and former politicians, citizens with alleged criminal histories and possible terrorist links, and companies under sanctions or convicted of high-profile financial crimes. The exposed records include names, addresses, locations, dates of birth, genders, whether they are deceased or not, and in some cases, photographs.
Ameesh Divatia, Co-Founder & CEO, Baffle
"Organizations must develop strategies that focus on protecting the data they collect at all times. "