Database exposes names of risky potential bank customers


A LexisNexis database of people convicted of crimes or who might be susceptible to bribery leaked onto the open internet.


If your name’s on this list, banks will treat you with extreme caution. The database is supposed to be private, but it was found online, accessible by anyone with a web browser, a security researcher said Friday.

Called WorldCompliance Data, it’s LexisNexis’s proprietary database that warns financial institutions when potential customers have been convicted of financial crimes or might be susceptible to bribery.

The data contained more than 4.5 million records, said Bob Diachenko, the researcher who identified the exposed database. Based on a sample of the data seen by CNET, the database revealed people’s names, ages and country, as well as any criminal convictions or status as a “potentially exposed person.” Called PEPs, these are people, often in governments, who might be targets of extortion or bribery attempts.

The exposure is part of a larger problem of misconfigured databases, which have leaked everything from the health care records of drug rehabilitation patients to the expected salaries of job seekers. As organizations around the world move their data to cloud servers, not all of them have the expertise to lock the data behind a password. A group of researchers around the world looks for these databases using special search techniques and custom software, trying to help get the data secured when they find it. But hackers can use the same tools, making the exposures risky.

It’s the third such dataset Diachenko has discovered. In February, he said he discovered Dow Jones’ Watchlist, which contains similar records, exposed on the internet. In July, he detailed findings of a dataset that appeared to contain records from a variety of sources, including LexisNexis.

LexisNexis didn’t immediately respond to a request for comment. Diachenko noted that it’s unclear what organization maintained the version of the database that was exposed. For example, a bank or other organization that pays for access to the data may have been the source of the exposure.

This is a developing story…
