Inside the ADFW Data Leak that Exposed World Leaders

Data leaks have become so routine that the only question is, 'who will be next?'

Now, it is world leaders, politicians and business leaders in the crosshairs of a possible breach. 

High-profile attendees of Abu Dhabi Finance Week (ADFW) – held back in December – had their personal details exposed online for nearly two months, with the lengthy victim list including former UK Prime Minister David Cameron and hedge fund billionaire Alan Howard.

At least 700 scanned identity documents were found in an unprotected cloud storage server associated with ADFW, according to the Financial Times. The state-sponsored event hosted more than 35,000 attendees in all. 

ADFW says all data is now secure after noting there was “a vulnerability in a third-party vendor-managed storage”. 

Andy Ward, VP International at Absolute Security, comments: "This incident underlines the seismic implications of a major data breach, in this case threatening the safety and security of world leaders. 

“The reality is that any organisation can fall victim to a cyber attack – regardless of how advanced or under-developed their systems are. 

“Complacency is not an option, as hackers will always find an open door. We need to continue deploying effective detection and prevention measures, while at the same time ramping up cyber resilience to ensure fast recovery – a priority that should be at the very top of the boardroom agenda.”

ADFW cyber focus adds irony

The irony of a data leak at an event which featured numerous discussions on cybersecurity will not be lost on concerned observers. 

Panels at ADFW explored the risks of human error, which remains the top driver of breaches in finance and how firms are rethinking risk strategies.

Travis DeForge, Director of Cybersecurity at Abacus Group, who spoke on a panel, noted in a subsequent interview with Dubai Eye: “It is a shift from a few years ago, when only the biggest, most profitable companies that had the most to lose were being targeted. 

“Now, firms of all sizes are being targeted. At Abacus, we work with clients that are two to three-person fund spinouts all the way up to funds with over one hundred billion of dollars in assets under management.  They’re all being targeted by the same kind of high-quality, targeted phishing attacks.”

While in this there is no cause to believe personal identity documents belonging to attendees have fallen into hands of threat actors, such incidents leave attackers better placed to perform targeted phishing.

Abu Dhabi’s cyber risk management framework 

While the ADFW data leak passed without security incident, it carried the potential for major embarrassment. Data was exposed barely two weeks after Abu Dhabi Global Market's (ADGM) Financial Services Regulatory Authority (FSRA) enforced its cyber risk management framework (CRMF).

CRMF mandates ADGM-licensed firms to integrate cyber risk into governance, strengthen third-party oversight, conduct vulnerability testing and report material incidents within 24 hours. It targets banks, investment firms and exchanges, emphasising supply chain risks amid "varying cyber maturity" levels.

The FSRA's enhanced guidance on IT provider contracts and incident templates was precisely designed to avert failures such as the one seen at ADFW. 

Binance co-CEO Richard Teng, who championed the reforms and pushed for baseline cyber resilience during his tenure as chief executive of the FSRA, was among those compromised during the breach.