On the evening of November 5, 2017, the International Consortium of Investigative Journalists (known for the Panama Papers and other breaches) began to publicize a new, massive offshore data breach, this time exposing over 13.4 million records belonging to the Bermuda-based Appleby Law firm and Estra Corporate Services provider.
Within less than 12 hours, the first data-leak releases have made headlines across the world, in over 90 leading news outlets that pre-coordinated their release with the ICIJ.
Files exposed will reportedly discuss the offshore interests and activities of more than 120 politically-exposed persons from five continents.
Over 100 multinational corporations are also featured for their offshore activities.
Over 7 million records from Appleby’s exposed stretch from 1950 to 2016, and include emails, loan statements (some over 1 billion USD), involving at least 25,000 companies, and connected to people in over 180 countries.
Exposure of some entities to nefarious activities relating to sanctions and tax evasion.
In terms of numbers of files, the ICIJ has confirmed to us that this is the largest data breach conducted thus far.
The ICIJ added new information from the Paradise Papers to its existing database on 5 November 2017, mainly on high-level politicians mentioned in the breach. This information will then be fused with previous leaks. Additional information is expected to be publicized “in the coming weeks” likely as part of a strategy to enable an ongoing news-cycle surrounding the breach.
Expected impact on compliance departments
As we’ve seen with the Panama Papers, Bahamasleaks, and other breaches; the so-called ParadisePapers breach is likely to be gradually revealed, drawing the interest of international news media and impacting local politics for the coming weeks and months. Compliance departments will be faced with the following challenges:
Monitoring if their clients, counterparties, employees, or branches are mentioned in the databreach as it is gradually made public
Identifying and analyzing the spin-off risk caused by media coverage of these releases in local media
Understanding whether mentions of their counterparties have a regulatory impact due to nefarious activities, or related accusations.
MITIGATING YOUR RISK, ENABLING YOUR BUSINESS
Sqope continues to monitor the impact of the Paradise Papers in order to proactively enable our clients to navigate any reputation and compliance risks posed by their clients and partners. This includes:
Screening-Checks on client lists or business partners to identify and alert potential direct exposure.
Reputation-focused due diligence, reports that tackle any exposure to this current databreach, and those that have preceded it, in order to properly identify risk posed by your counterparties.
Sqope View monitoring tool: Constant checks on individuals who were subjects to a previous Sqope Report.
Tailor-made Solutions: Utilizing our unique cyber methodology, proprietary source database, and global network of investigators.
Our research center continues to monitor the Paradise Papers as they are gradually released, while our sales representatives are standing by to assist our clients with our solutions.