The Panama Papers, an expensive lesson in having unsecured data

The ‘Panama Papers’ data breach of Panamanian legal, trust and accounting firm Mossack Fonseca revealed on 3 April 2016, consisted of a whopping 2.6TB of data covering over 11.5 million scanned and electronic files dating back to the 1970s and the fallout has been substantial globally and continues to grow day by day.

The hack of an email server which occurred at the start of 2015 was taken to German newspaper Süddeutsche Zeitung (“SZ”), however due to the immense scale of data for analysis, SZ brought US-based International Consortium of Investigative Journalists (ICIJ) on board.  400 journalists from 107 news organisations have pored over the documents and used special software OCR (Optical Character Recognition) and new graph database technology including Neo4j to help index and analyse the content.  The journalists then lifted connections such as people who share the same address who are not formally married, with material connections to suspicious bank accounts used for money laundering or other financial crimes and misdemeanours.

Whilst the announcement related to a mere 149 files out of the 11.5 million, the revelation that Mossack Fonseca was creating shell corporations in tax havens around the world for a substantial list of politicians and world figures, has increased the distrust of those in public positions who have either accessed and abuse public purse funds or sought tax avoidance for personal gain.

Who’s Who in the world spotlight?  In a swift snapshot from this initial reveal, Iceland’s Prime Minister Sigmundur Davíð Gunnlaugsson had to step down sharply following the news, whilst Argentinian President Macri and Ukranian President Petro Poroshenko await their fate.  Friends of Syrian President Bashar Assad Putin associates are facing scrutiny, whilst a number of FIFA officials have been implicated, along with soccer star Lionel Messi.  Celebrity producers include Hollywood’s David Geffen and Simon Cowell, plus singer Tina Turner and actor Jackie Chan. Meanwhile, in UK politics, PM David Cameron (through the tax affairs of his late stockbroker father and estate family gifts), has been forced to fend off accusations of immorality and lack of transparency by publishing personal tax returns.

So what for these people?
There will be massive consequences for any individual whose private financial affairs have been made public.  Their confidential business structures are now public, reputations will be damaged, no doubt lawsuits will be an end result and policy is likely to change.

So what for data controllers?
The breach highlights once again, this time on a massive scale, that organisations holding any personal data have no choice but to sit up and take acute note, re-review their own organisation’s security perimeters, policies, up to date licences, patch management and back up arrangements.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.