More than 700 passports and IDs exposed from Abu Dhabi Finance Week server

Scans of more than 700 passports and state identity cards belonging to attendees of Abu Dhabi Finance Week were left on an unprotected cloud server, exposing high‑profile figures including former UK prime minister David Cameron, former White House communications director Anthony Scaramucci and hedge fund investor Alan Howard. The files were discovered by freelance security researcher and consultant Roni Suchowski, who said the cache remained open for at least two months and was accessible to anyone using a basic web browser.

Abu Dhabi Finance Week, organised by the Abu Dhabi Global Market, is a state‑sponsored finance event that drew more than 35,000 participants when it convened in December 2025. The exposed materials were stored in a third‑party vendor‑managed environment that organisers say contained a limited subset of 2025 attendees. ADFW issued a statement saying the incident was caused by “a vulnerability in a third‑party vendor‑managed storage environment relating to a limited subset of ADFW 2025 attendees.” The organisers added: “The environment was secured immediately upon identification, and our initial review indicates that access activity was limited to the researcher that identified the issue.”

Accounts of what sat in the exposed cache vary slightly; in addition to scans of passports and identity cards, a security researcher reported invoices and internal documents were also present. Several named attendees either did not respond to requests for comment or declined to comment. ADFW’s assertion that only the finder accessed the files rests on the organisers’ initial review and has not been independently verified.

Security analysts and privacy advocates say the breach highlights systemic weaknesses that go beyond an isolated vendor error. “For an event that markets itself as a crossroads of global wealth hosting leaders who collectively oversee trillions of dollars in assets the human element of the error is stark,” one analyst observed. Exposed identity documents create clear risks of identity theft and spear‑phishing, and they can be used to attempt fraudulent access to services including medical care and insurance.

Those downstream risks carry public health and social equity consequences. Stolen identity information has been used elsewhere to submit fraudulent insurance claims, to procure prescription medications, and to create false patient records that complicate clinical care. When breaches involve international gatherings, the administrative burden of remediation often falls on individuals, while the costs of fraud and disrupted care ripple through insurers, health systems and public health monitoring. Vulnerable communities are disproportionately harmed when systems lack robust notification, remediation and support; wealth and influence are no guarantee of swift restitution.

The incident raises questions for policymakers responsible for health data protections, vendor oversight and breach notification rules. Experts say organisers of large conferences should be required to conduct independent audits of vendor security, to minimize collection of sensitive identity documents where possible, and to provide timely, concrete remediation offers such as identity monitoring and assistance with insurance or travel document replacement.

Organisers say they have secured the storage environment and begun an initial review. Security researchers and affected attendees are now seeking forensic logs, vendor details and confirmation of remedial steps, including whether attendees will be offered monitoring or support. Roni Suchowski and ADFW are the primary sources to follow for technical timelines and remediation plans.