14 DAY TRIAL // MacKeeper security researcher Chris Vickery says he came to be in possession of a database with 2.2 million records that contain the personal details of "heightened-risk individuals."
The database's name is World-Check, and it was stolen by an unnamed third-party and later given to Vickery to release. Vickery has now opened a Reddit thread, asking the community if he should follow through and put the data online.
World-Check used by over 300 governments and intelligence agencies
World-Check is a database compiled and maintained by Thomson Reuters, the same company behind the leading Reuters news agency.
Thomson Reuters is renting the database to some of the world's largest governments and privately owned businesses, which use it to assess future investments and detect problematic individuals.
Some of World'Check biggest clients include over 300 government and intelligence agencies, 49 out of the top 50 banks in the world, and nine out of the ten of the biggest law firms.
Besides "high-risk individuals," World-Check includes details on organizations that allegedly support terrorism and a blacklist of 93,000 people with strong ties to terrorist organizations.
World-Check has been criticized for its inaccuracies in the past
The rest of the database consists of individuals that might pose problems, added to the database after to an analysis of their actions, interests, and other information acquired by Thomson Reuters from publicly available sources.
BBC and Vice have criticized the company and its database, both revealing some of World-Check's inaccuracies, such as labeling an American Muslim civil rights leader as a high-risk individual, even if he was actively campaigning against ISIS and other terror groups for years.
Vickery is now facing a tough decision. His reasoning is that this database is being used by government and intelligence agencies to spy or keep track of innocent civilians who might have ended up on the list by mistake. Additionally, private businesses are declining service to some of these individuals because of these labeling mistakes.
Thomson Reuters is aware of the leak
On the other hand, even if the data is aggregated from public sources, it's still the private property of Thomson Reuters, who put countless man hours into classifying and ordering te data.
Furthermore, releasing the data may tip off the actual bad guys who are in the database and who might move to change their identities.
At the moment of writing, Vickery has not yet released the World-Check database. He did say that Thomson Reuters contacted him to inquire about the potential source of the leak, in order to secure their servers.
"One important point that they would like to highlight (and something I'll agree with): Thomson Reuters is not the only company gathering this kind of data and putting together this type of database," Vickery wrote in an update to his Reddit post. "They may be a leader in the industry, but it's not fair to vilify them as if they were the only company in the market."