Dow Jones & Company
Content |
Assets
History
2022: Ban on the supply of data on dubious customers during the conflict in Ukraine
In early June 2022, the Dow Jones service stopped supplying Russian banks with data on sanctions and lists of dubious customers. The Dow Jones service, the largest aggregator of data on the imposed sanctions, began to terminate contracts with Russian banks, RBC learned. Without these lists, they cannot qualitatively monitor customer operations and assess sanctions risks.
2019: Data disclosure of 2.4m customers due to misconfiguration of AWS server
At the end of February 2019, it became known about the accidental opening of access to data of a large number of bank customers due to the fact that the financial information agency Dow Jones & Co. incorrectly configured the Amazon Web Services (AWS) server. The error was discovered by information security specialist Bob Diachenko.
The 4.4 GB unprotected AWS Elasticsearch database contained data on 2.4 million users, including politicians, their relatives, partners, and related companies. Anyone, if desired, could find out the names, addresses, dates of birth, see photos, etc.
In addition, the database contained national and international sanctions lists, data on persons considered involved or accused of crimes, Dow Jones notes with quotes from sources from federal departments and law enforcement agencies. There were also lists of people involved or possibly involved in corruption scandals. All this information is used by banks.
Dow Jones confirmed the existence of a data risk and said that it arose as a result of an incorrect configuration of the AWS server by a third-party contractor. By the end of February 2019, the database, which anyone could previously access, was closed for public viewing.
According to Dow Jones spokeswoman Sophie Bent, all the information stored in this database has been collected from open sources.
In a conversation with SiliconANGLE, DivvyCloud CTO Chris DeRamus noted that Dow Jones was far from the first company to leave Elasticsearch's servers unprotected and thereby open access to confidential data. The expert recalled that in 2017, the same Dow Jones made errors in the settings of cloud storage, which led to the disclosure of information to 2.2 million customers.[1]