The details of 2.2 million suspected terrorists have been leaked.
Taken from the World-Check database, which is maintained by Thomson Reuters, the entries were leaked to an online security expert.
Chris Vickery, who obtained the information, asked users on Reddit whether he should make the details available or not.
Thomson Reuters bought World-Check in 2011, after it had been set up in London in 2000.
According to Vice.com, the database is used by over 300 government and intelligence agencies, 49 of the 50 biggest banks, and 9 of the top 10 global law firms.
The current version of the database contains, among other categories, a blacklist of 93,000 individuals suspected of having ties to terrorism.
‘No hacking was involved in my acquisition of this data,’ Mr Vickery said on Reddit.
‘I would call it more of a leak than anything, although not directly from Thomson Reuter.
‘The exact details behind that can be shared at a later time.’
‘This copy has over 2.2 million heightened-risk individuals and organizations in it. The terrorism category is only a small part of the database,’ he said.
‘Other categories consist of individuals suspected of being related to money laundering, organized crime, bribery, corruption, and other unsavory activities.’
Mr Vickery listed his reasons for and against releasing the data.
He said the reasons for were that ‘innocent people that have been put on this list deserve to know that they are on it, the data is apparently all aggregated from public sources and the database is already accessible to anyone that is willing to pay Thomson Reuters for it.’
But there were more reasons listed against.
‘Releasing it may tip off some actual bad guys that really should be on such a list,’ he said.
‘Thomson Reuters’ legal team will likely have some words for me. After all, they do invest considerable time and effort in categorizing and analyzing the data even if it is from public sources. There’s probably a copyright argument to be made.
‘I have nothing against Thomson Reuters and I’m generally a pretty friendly guy.
‘Some harm will likely be done to individuals that shouldn’t be on the list, but are on the list by mistake. Suddenly the mistaken listing would be much more widespread than even Thomson Reuters’ subscribers.’
In a statement, a Thomson Reuters spokesperson said: ‘Thomson Reuters was yesterday alerted to the fact that out of date information from the World-Check database had been exposed by a third party.
‘We are grateful to Chris Vickery for bringing this to our attention, and have acted with the upmost urgency to contact the third party concerned – with whom we are now in contact in order to secure the information.’
A spokeswoman for the UK’s Information Commissioner Officer told the BBC the Data Protection Act required personal information to be kept secure even if it had been collated from public sources.
‘Organisations must take appropriate measures against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage,’ she said. ‘We’ll be making enquiries.’