Data leak exposes politicians and business leaders at Abu Dhabi finance summit

by
0 comments
Data leak exposes politicians and business leaders at Abu Dhabi finance summit

A data-security lapse at one of the Gulf’s largest investment events has exposed the identity documents of hundreds of high-profile attendees. Scans of more than 700 passports and state identity cards linked to Abu Dhabi Finance Week (ADFW) were found on an unsecured cloud storage server, according to reporting by the Financial Times and subsequent coverage by multiple security outlets. The exposure highlights how quickly a single misconfigured server can compromise some of the most prominent figures in global finance, politics and crypto.

Cyber ​​security experts said data breach risks damaging Gulf state’s reputation © Coco Feng/SCMP via Reuters

What was exposed

The affected files reportedly included passports, national identity cards and other personally identifiable documents belonging to attendees of ADFW, a state-backed conference that drew tens of thousands of participants in December. Among those whose documents were reported to be in the cache were former British prime minister David Cameron, hedge fund billionaire Alan Howard and American investor and former White House communications director Anthony Scaramucci. Other reported names included Richard Teng, chief executive of the crypto exchange Binance, and Lucie Berger, the European Union’s ambassador to the United Arab Emirates. Representatives for several of those named declined to comment when approached by the FT.

How the leak was found

The exposure was discovered by an independent security researcher, identified in reports as Roni Suchowski, using off-the-shelf software that scans cloud services for insecure, publicly accessible data. According to the reporting, the files required no authentication to view and may have been openly accessible for around two months. The researcher said attempts to alert the organisers were initially unsuccessful, after which the FT was contacted. The server was reported to have been secured after the publication raised the issue with ADFW.

Why misconfigured cloud storage keeps causing breaches

Incidents of this kind rarely involve sophisticated hacking. More often, sensitive files are placed in cloud storage that is left open to the public internet through a configuration mistake, and automated scanners then find it. Passport scans are especially sensitive because they combine a photograph, full name, nationality, date of birth and document number, which together can support identity theft, targeted fraud and social-engineering attacks. For events that collect identity documents from thousands of attendees for accreditation, the volume of concentrated, high-value data makes secure handling and prompt deletion particularly important.

What to watch

Details of the incident come primarily from the FT’s reporting and the researcher who identified the data, and some specifics, including the exact number of documents and the length of exposure, are based on samples reviewed rather than a full public audit. The organisers had not, at the time of reporting, published a detailed account of how the data came to be exposed or how many people were ultimately affected. Individuals who attend events requiring identity documents can reasonably ask how their data is stored, who has access and when it will be deleted, and can monitor for signs of identity misuse if they believe they may be affected. Independent coverage of the incident is available from Dark Reading and TechRadar.

Related Articles