Dow Jones Watchlist database containing 2.4 million records leaked.
On February 22, 2019, Ukranian researcher Bob Diachenko identified a Dow Jones risk screening watchlist, exposing the identities of over 2.4 million people, including government officials, politicians, and people of political influence in every country of the world.
Sensitive information, including the identities of politically exposed persons (PEPs), as well as their relatives and close associates (RCA) were exposed. Additionally, the leak included national and international government sanction lists, persons linked to or convicted of high-profile crime, and profile notes from Dow Jones that included citations related to foreign governments and law enforcement agencies.
The records included names, addresses, locations, dates of birth, physical descriptions, primary languages, relatives, genders, and photos, along with detailed notes on each person or company. In a statement, Dow Jones confirmed that the breach was caused by an authorized third party’s misconfiguration of an AWS server, and the data is no longer available.
Cyber criminals are out there. What are you planning to do about it? Download ManageEngine Log360, the tool that can help combat internal and external security attacks.
Here's how ManageEngine can help.
Log360, our comprehensive security information and event management (SIEM) solution, can help your organization:
- Identify cross-site scripting (XSS) attacks, malicious file installations, DoS attacks, SQL injection, and more with its real-time correlation capability.
- Alert security teams in real time about events that require their immediate attention, such as account lockouts, security group membership changes, unauthorized access attempts to files or folders, and network attacks.
- Detect unauthorized network access attempts with its built-in Structured Threat Information eXpression (STIX/TAXII) feeds processor. Log360 also has a global IP threat database that can instantly detect known malicious traffic passing through the network as well as outbound connections to malicious domains and callback servers. The global threat database contains more than 600 million blacklisted IP addresses that are collected from trusted open sources and updated daily.
- Find potential insider threats with the user and entity behavior analytics engine, which creates a baseline of normal activities that are specific to each user and notifies security personnel instantly when there's a deviation from this norm. Rather than using static threshold values, this tool employs a combination of data analytics and machine learning to define dynamic thresholds based on real-world user behavior.
- Obtain important forensic information about incidents. The collected logs can be securely archived to help prove adherence to compliance standards and reduce potential legal penalties during investigations.
- Automatically raise incidents as tickets to the designated administrator in ServiceDesk Plus, JIRA, Zendesk, Kayako, or ServiceNow to create an incident resolution process that's swift and accountable.
Download a free trial of Log360 to see the tool in action for yourself.