Panama Papers Leak Exposes Tax Evasion -- And Poor Data Security, Data Integrity Practices
Whether an insider leak or an outsider hack, an exposure of 11.5 million documents definitely falls under the infosec umbrella.
An enormous store of 11.5 million documents -- mostly emails -- leaked from Panamanian law firm Mossack Fonseca, has exposed illegal practices used by the rich across the globe to hide their wealth, disguise how they obtain that wealth, and avoid paying taxes. The 2.6 terabytes of data reveals secret information about the offshore holdings of political leaders and crime lords alike.
According to the report by the International Consortium of Investigative Journalists (ICIJ), published after a yearlong study of the documents by a collaboration of over 100 news organizations:
Reporters at [German newspaper] Süddeutsche Zeitung obtained millions of records from a confidential source and shared them with ICIJ and other media partners. The news outlets involved in the collaboration did not pay for the documents.
Before Süddeutsche Zeitung obtained the leak, German tax authorities bought a smaller set of Mossack Fonseca documents from a whistleblower, a move that triggered the raids in Germany in early 2015.
From Reuters:
The head of Mossack Fonseca, Ramon Fonseca, has denied any wrongdoing but said his firm had suffered a successful but "limited" hack on its database. He described the hack and leak as "an international campaign against privacy."
Whether or not the documents were simply leaked by a privileged insider or obtained through a hack of a database or email server, the exposure falls within the purview of information security.
According to the ICIJ report, Mossack Fonseca's data integrity and retention practices were willfully noncompliant -- the firm regularly backdated documents and also destroyed them to evade a US government investigation. According to ICIJ:
...the firm took steps to wipe potentially damaging records from phones and computers to keep details of their clients from the United States justice system. ... The documents even show that a firm employee traveled from Panama to [Las] Vegas to whisk paper documents out of the country.
For more, see the ICIJ report and The Guardian's guide to the report.
Related stories:
Find out more about security threats at Interop 2016, May 2-6, at the Mandalay Bay Convention Center, Las Vegas. Click here for pricing information and to register.
About the Author
You May Also Like
The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024