Panama Papers Leak Pinned On Server Breach

Mossack Fonseca, the law firm at the heart of the Panama Papers data leak, has claimed a breach of its email servers led to the leaking of 11.5 million client documents to the International Consortium of International Journalists (ICIJ).

According to Spanish newspaper El Espanol, Panama-based Mossack Fonseca claims its servers were breached by “unauthorised persons”, and that it is taking all necessary step to prevent it happening again.

The document leak, many times larger than that of the Wikileaks Cable whistleblowing that started in 2010, is a trove of information revealing how global politicions and public figureheads used offshore banking to mask their wealth from tax investigators and the general public.

It must be noted that whilst the ICIJ and its media partners currently covering the Panama scandal have unearthed illegal practices, not all parties or persons that have had their information leaked were operating illegally.

2.6 TB

The 2.6 TB lump of documents were handed to German newspaper Sueddeutsche Zeitung in 2015. Since then, in collaboration with the ICIJ, the media readied the documents for publication, naming and shaming illegal or morally ambiguous actors such as Icelandic Prime Minster Sigmundur Davíð Gunnlaugsson who kept his offshore accounts secret.

The leak also involves unknown offshore banking accounts of the late father of British Prime Minister David Cameron that were used to avoid paying taxes.

A British banker, who lived in North Korea, has also been found to have operate an offshore finance company that helped the Pyongyang regime to expand its nuclear weapons programme.

The ICIJ claims that the leak shows 140 politicians and public officials have been operating offshore accounts, with more than 214,000 organisations.

Dodi Glenn, vice president of Cyber Security at PC Pitstop, told TechWeekEurope: “From a security standpoint, the amount of content leaked seems to dwarf Wikileaks’ Cablegate from 2010, but it’s hard to say at this point how the data was taken – whether it was an insider, a phishing attack, or malware.

“Long story short, if you want to keep something confidential, don’t put it on a computer specifically one connected to the Internet. The very second you do that, you can assume the data can be purloined.”

Criminal wrongdoing

In a public statement made yesterday, Mossak Fonseca said: “Mossack Fonseca has never once in its history been charged with criminal wrongdoing, or even been formally investigated in connection with allegations of the same.

“Unfortunately, several recent stories appearing in a handful of international media outlets might lead some to conclude that the opposite is true.

“These reports rely on supposition and stereotypes, and play on the public’s lack of familiarity with the work of firms like ours.”

Take our data breaches of 2015 quiz here!