A financial summit accidentally exposed the passports and state identity cards of more than 700 individuals. The summit, known as Abu Dhabi Finance Week (ADFW), is a state-sponsored event that welcomed more than 35,000 attendees in December. 

Scans of more than 700 passports and identification cards were stored in an unprotected cloud server associated with the event. 

Chris Radkowski, GRC Expert at Pathlock, comments, “This incident serves as a reminder that organizations handling documents that contain sensitive PII must enforce strict least-privilege access policies and continuously monitor how those repositories are configured and who can access them.”

Some notable individuals exposed include: 

• David Cameron, former British Prime Minister 
• Alan Howard, hedge fund billionaire 
• Anthony Scaramucci, United States investor and former White House communications director 

In a statement to Reuters, ADFW informed the news agency that “a vulnerability in a third-party vendor-managed storage environment relating to a limited subset of ADFW 2025 attendees.” ADFW added, “The environment was secured immediately upon identification, and our initial review indicates that access activity was limited to the researcher who identified the issue.”

According to reports from the Financial Times (FT), this data was accessible to any individual via web browser. This was discovered by freelance security researcher and consultant Roni Suchowsk, and after FT brought the matter to ADFW’s attention, the server was secured. 

“Mistakes and misconfigurations happen — to err is human," says Trey Ford, Chief Strategy and Trust Officer at Bugcrowd. “The researcher was clearly acting in good faith, and I trust the ADFW’s security team is taking strides to stand up an RFC-compliant notification pathway for researchers to notify them of issues identified. Teams operate with time pressure to get systems and services online and functioning — and occasionally things get missed. Making it safe and efficient for the global research community to reach out and safety share observations is how we make the internet safer. This is why we encourage vulnerability disclosure programs as a baseline starting point, especially when handling truly sensitive information.” 

The Bottom Line: Protecting Personal Information for Executives

Louis Eichenbaum, Federal CTO at ColorTokens:

In today’s digital world, you can’t assume your personal information is safe. The smartest approach is to assume it may already be exposed and build protections that stop criminals from using it.

That means taking proactive steps:

• Invest in credit monitoring and identity-protection services
• Enable account alerts and transaction limits through your bank
• Use multi-factor authentication (MFA) wherever possible
• Monitor your financial and online accounts regularly

You can’t rely solely on companies that store your data to detect threats in time. Personal security now requires personal resilience. Adopt the mindset of assume breach and build the safeguards that keep your data protected even if it falls into the wrong hands.