KEY POINTS
- Over 700 passport and identity scans from Abu Dhabi Finance Week were found on an unsecured cloud server.
- The exposed files included personal documents of figures such as former UK PM David Cameron and investor Anthony Scaramucci.
- Organizers say the breach stemmed from a third-party vendor and secured access only after being alerted by the press.
Organizers of Abu Dhabi Finance Week (ADFW) confirmed that a significant security lapse exposed the personal identification documents of hundreds of attendees, including prominent global figures.
The Financial Times reported that scans of more than 700 passports, state ID cards and similar records were publicly accessible on an unprotected cloud storage server tied to the state-sponsored investment conference.
The exposed documents belonged to a small subset of delegates who attended ADFW 2025, a major event that drew over 35,000 participants from international finance, politics and business communities.
Former British prime minister David Cameron was among the global leaders whose sensitive identification files were discovered as part of the leak. Other affected attendees reportedly included hedge fund billionaire Alan Howard and U.S. investor and former communications director Anthony Scaramucci.
The data was stored on a cloud server that did not require specialized credentials to access, meaning anyone with a standard web browser could locate and view the files. A freelance security researcher, Roni Suchowski, first detected the exposed server and alerted the Financial Times about the vulnerability.
Upon being contacted by the news outlet, ADFW organizers secured the server and restricted access. In a statement to the Financial Times, the event’s organizers attributed the breach to a flaw in a third-party vendor’s storage setup, saying the issue affected only a limited group of attendees.
The organizers claimed their initial review suggested that only the researcher accessed the exposed data before it was secured. They did not immediately provide further detail on how long the documents had been exposed or whether any malicious actors had accessed the files prior to remediation.
Requests for comment from some individuals whose identity documents were exposed were not immediately returned, according to reports.
Abu Dhabi Finance Week is organized by Abu Dhabi Global Market (ADGM), the emirate’s international financial center, which promotes investment activities in the region. The summit attracts business leaders, policy makers, bankers and entrepreneurs, making it a showcase event in the Middle East’s finance calendar.
Cloud storage security has been a persistent target for scrutiny in recent years as misconfigured systems have repeatedly resulted in unintended disclosures of sensitive business and personal data. Experts note that simple access controls and encryption measures could prevent many such lapses.
The disclosure of passport scans and identity cards raises heightened concerns because these records often contain key details — such as birth dates, national ID numbers and other identifying information — that could be misused for identity theft or fraud if obtained by unauthorized parties.
The incident at ADFW adds to broader global worries about data security for high-profile events and organizations that handle large volumes of personal information. Even when breaches stem from third-party vendors, the responsibility for safeguarding attendee data typically falls on the event host.
Organizers say they have taken steps to lock down the exposed server and are reviewing processes to prevent similar issues. They did not specify whether affected attendees will be notified directly or offered protections such as identity monitoring services.
As investigations continue, this breach underscores the persistent risks associated with cloud infrastructure and the need for rigorous security oversight, particularly when handling sensitive records of public figures and business leaders.
