
The Panama Papers: Don’t take your data for granted

by AprilSix Proof


This week we have seen front pages across the world feature exposé after exposé and revelation after revelation about the infamous Panama Papers. For those who may not be aware, the Panama Papers came from the leaking of over 11 million files from the database of Mossack Fonseca, the world’s fourth biggest offshore law firm, revealing a list of names of people and businesses using secretive offshore tax regimes, including politicians, businesses and celebrities.

The papers were given to the German newspaper Süddeutsche Zeitung by an anonymous source. The newspaper shared them with the International Consortium of Investigative Journalists (ICIJ), which in turn shared them with its network of international papers. This in itself was no small feat; the amount of information passed on to Süddeutsche Zeitung equated to 2.6 terabytes of data. This is a huge amount of information, especially when you consider that the data given to WikiLeaks from the US embassy cables in 2010 only equated to 1.7 gigabytes – less than 10 per cent of the Mossack Fonseca leak.

This must have been every journalist’s dream! Page after page of media gold and more revelations than they know what to do with. The coordination of the media outlets around the world to analyse this data and keep everything under wraps until that was done must have been a monumental task. But looking at the stories that they have got from this, it was well worth it.

From Mossack Fonseca’s perspective, the question they will be scratching their heads about will be ‘how did so much of our clients’ private information get in the hands of the press so easily?’. This isn’t a case of a private email being sent to the wrong person by mistake; this is over 11 million files we’re talking about, so how has someone managed to get into the firm’s systems and walk out with this data without even being noticed?

The company has since stepped forward and said that the leak was not an inside job and that it was indeed the victim of an outside hack, but is that any excuse? It’s all well and good to know that your staff are not responsible for the biggest data leak in history; however, it’s no excuse to say that instead it was a case that your data security standards were not up to scratch to deal with outsider threats. There were a lot of big names and big organisations attached to Mossack Fonseca who would have assumed that their personal information was going to be protected in the best and most stringent way possible, especially as they were handing over large sums of money to the company. Clearly, they were wrong.

Interestingly enough, Christopher Soghoian, a privacy researcher, ran a test that revealed that Mossack Fonseca does not encrypt its emails with Transport Layer Security (TLS) protocols. For those not in cyber security, TLS is a cryptographic protocol designed to provide communications security over a computer network, for traffic such as email. This goes some way to explaining how the hacker got hold of the information without any interference; it appears that the firm was simply not prepared with the adequate security capabilities to keep hackers at bay, which when you hold such high-profile and confidential information should be your first port of call.

One thing is for sure, the Panama Papers are not going to be something that is going away anytime soon. There are a lot of people and businesses there who have been left with egg on their faces and a huge amount of work to do to restore reputations. However, if there is one thing Mossack Fonseca or any business working with private information can take from this debacle, it’s don’t ever take your information for granted. Make sure that you have the most foolproof, safe and secure systems available to ensure that your data isn’t going anywhere without your say-so, because if you don’t, there is no knowing what could happen to it; you could even make headline news.