Major Security Breach at Abu Dhabi Finance Week Exposes Hundreds of High-Profile Attendees
In a significant cybersecurity lapse, passport scans and identity documents belonging to hundreds of attendees of the prestigious Abu Dhabi Finance Week (ADFW) have been exposed online. The security breach compromised the personal information of high-profile individuals from international finance, politics, and cryptocurrency sectors who attended the event in December 2025.
Extent of the Data Exposure
According to documents reviewed by the Financial Times, scans of more than 700 passports and state identity cards were discovered on an unprotected cloud storage server linked to the state-sponsored investment conference. The exposed data includes sensitive information of former British Prime Minister Lord David Cameron, billionaire hedge fund manager Alan Howard, and former White House communications director Anthony Scaramucci.
Other prominent individuals whose details were disclosed included Richard Teng, co-chief executive of crypto exchange Binance and former chief of ADGM, and Lucie Berger, the EU's ambassador to the UAE. The Financial Times reported these findings after reviewing a sample of the exposed files.
How the Breach Was Discovered
Freelance security researcher and consultant Roni Suchowski identified the critical vulnerability using commonly available software that scans cloud services for unsecured information. Suchowski revealed that the exposed data could be accessed by anyone using a standard web browser, with the dataset likely exposed for at least two months.
The researcher told the Financial Times: "Responsible disclosure is crucial in cases of data breaches to protect affected individuals. The goal is always to notify the organisation privately and give them the opportunity to fix the issue before it is abused."
Suchowski added that earlier attempts to alert ADFW about the security vulnerability had been unsuccessful, which ultimately prompted him to contact the Financial Times. After the publication reached out to ADFW about the data exposure this week, the server was finally secured.
Potential Consequences and Expert Reactions
Cybersecurity experts have warned that complete passport scans can be extremely valuable to fraudsters operating on the dark web. These documents can be combined with other personal information to facilitate:
- Identity theft
- Targeted phishing attempts
- Unauthorized access to online accounts
- Financial fraud
Neil Quilliam, an associate fellow at Chatham House's Middle East and North Africa Programme, described the ADFW cybersecurity incident as a "blunder" that runs counter to how the Gulf state likes to present itself. He emphasized that such a "basic and simple mistake" could significantly harm the region's reputation, which frequently hosts international conferences and emphasizes its security arrangements.
ADFW's Response and Impact
In a statement to the Financial Times, ADFW confirmed "a vulnerability in a third-party vendor-managed storage environment relating to a limited subset of ADFW 2025 attendees." The organization stated that it takes data protection and platform security extremely seriously and that the environment was secured immediately upon identification.
ADFW has contacted the affected attendees to inform them about the data breach. One attendee expressed shock at what they described as a "massive data breach," calling it "pretty appalling." The organization's initial review indicates that access activity was limited to the researcher who identified the issue.
Context and Significance of ADFW
Abu Dhabi Finance Week has positioned itself as a premier platform for engaging the global financial community as it works to attract hedge funds and asset managers to its expanding financial centre. The event, organized by ADGM (Abu Dhabi's financial centre), featured total assets represented during the week surpassing $62 trillion.
The December 2025 event was attended by Abu Dhabi's crown prince, Sheikh Khaled bin Mohammed bin Zayed al-Nahyan, and was promoted extensively across social media platforms. ADFW previously highlighted speakers including UAE government ministers and senior executives from major financial institutions such as:
- UBS
- Blackstone
- Standard Chartered
- Barclays
- Morgan Stanley
- Temasek
- Bridgewater
- Carlyle
- Man Group
Representatives from cryptocurrency companies, including Tether and Crypto.com, were also present at the high-profile gathering that attracted more than 35,000 attendees to its conference held late last year.
This security incident raises serious questions about data protection protocols at major international conferences, particularly those involving sensitive financial and governmental participants. The breach underscores the ongoing challenges organizations face in securing cloud storage environments, even when handling highly sensitive personal information of influential global figures.
