Unsecured cloud server at Abu Dhabi Finance Week exposes passports of global leaders and investors

Personal identity documents belonging to hundreds of attendees of Abu Dhabi Finance Week were publicly accessible online for at least two months after an unprotected cloud storage server exposed passport scans, state identity cards and other sensitive files tied to the high-profile investment summit.

More than 700 passports and government-issued ID cards were discovered on a cloud server linked to Abu Dhabi Finance Week, widely known as ADFW, a state-backed financial conference that drew over 35,000 participants in December. The exposed files were accessible through a standard web browser without authentication before the server was secured.

Among the individuals whose documents were included in the exposed files were former British Prime Minister David Cameron, billionaire hedge fund manager Alan Howard and U.S. investor and former White House communications director Anthony Scaramucci. Additional high-profile figures whose details appeared in a sample of the files included Richard Teng, co-chief executive of crypto exchange Binance, and Lucie Berger, the European Union’s ambassador to the United Arab Emirates.

The event is organized by Abu Dhabi Global Market, known as ADGM, the emirate’s international financial center. ADGM has promoted ADFW as a flagship gathering for global finance, stating that total assets represented during the week exceeded $62 trillion.

ADFW confirmed that a vulnerability existed in a third-party vendor-managed storage environment affecting a limited subset of ADFW 2025 attendees. The organization said the environment was secured immediately upon identification and that its initial review indicates access activity was limited to the security researcher who identified the issue. ADFW stated it has contacted affected attendees and emphasized that it takes data protection and platform security seriously.

The exposed cache included not only passport scans and ID cards but also invoices and tens of thousands of other files. The discovery was made by freelance security researcher Roni Suchowski using commercially available software designed to scan cloud services for unsecured data. Suchowski said earlier attempts to alert organizers were unsuccessful before outreach prompted the issue to be addressed.

Cybersecurity experts warned that the exposure of complete passport scans poses significant risks. Such documents can be exploited for identity theft, highly targeted phishing campaigns and unauthorized access to financial or online accounts, particularly when combined with other personal data.

The December event was attended by Abu Dhabi Crown Prince Sheikh Khaled bin Mohamed bin Zayed Al Nahyan and featured senior government ministers and executives from major financial institutions. Previously announced participants included representatives from global banks and asset managers such as UBS, Blackstone, Standard Chartered, Barclays, Morgan Stanley, Temasek, Bridgewater Associates, Carlyle Group and Man Group, as well as crypto firms including Tether and Crypto.com.