Cameron among hundreds hit by Abu Dhabi data breach

WEB DESK: Hundreds of high-profile figures, including former British prime minister David Cameron and hedge fund billionaire Alan Howard, had copies of their passports and identification documents exposed online following a data breach linked to Abu Dhabi Finance Week (ADFW), a major state-backed investment conference held in December 2025.

According to a report by the Financial Times, scans of more than 700 passports and state identity cards were discovered on an unsecured cloud storage server associated with the event. ADFW reportedly drew more than 35,000 participants from the worlds of finance, politics and cryptocurrency.

The documents, accessible through a standard web browser, are said to have included identification belonging to US investor and former White House communications director Anthony Scaramucci. Other prominent names affected, based on a sample reviewed by the newspaper, reportedly included Richard Teng, co-chief executive of Binance and former head of Abu Dhabi’s financial regulator ADGM, as well as Lucie Berger, the European Union’s ambassador to the UAE.

The vulnerability was identified by freelance security researcher Roni Suchowski, who alerted the authorities after earlier attempts to contact the organisers reportedly went unanswered. The server was secured shortly after the Financial Times raised the matter with ADFW on Monday.

Third-party flaw raises data security concerns

In a statement to Reuters and the Financial Times, ADFW attributed the incident to “a vulnerability in a third-party vendor-managed storage environment relating to a limited subset of ADFW 2025 attendees”. Organisers said the environment was immediately secured upon discovery and that preliminary investigations suggested access had been limited to the researcher who identified the flaw.

Mr Howard declined to comment, while Mr Cameron and Mr Scaramucci did not immediately respond to requests for comment, according to Reuters.

The breach has renewed concerns over data protection at large international gatherings, where attendees frequently submit sensitive documentation for registration and visa processing. The exposed files containing personal details that could potentially facilitate identity theft or fraud are understood to have remained publicly accessible for a prolonged period, in some accounts for at least two months.

The episode comes amid heightened global awareness of cybersecurity risks, particularly for high-net-worth individuals and public officials attending high-profile events in the Gulf. Held annually in the UAE capital, ADFW promotes itself as a leading forum for global finance, investment and emerging technologies, attracting senior political figures, financiers and technology executives from around the world.

While there have been no immediate indications that Pakistani attendees were among those affected, Pakistan has in recent years grappled with several notable data breaches, including cases in which sensitive information relating to thousands of citizens was allegedly offered for sale online.

Cybersecurity specialists and regulators have consistently urged organisations handling significant volumes of personal data to adopt stringent safeguards, including encryption, robust access controls and regular audits of third-party service providers.