DEVELOPING STORY: Possible Traffic Monsoon Data Breach

DEVELOPING STORY: During its routine reporting today, the PP Blog observed information that strongly suggests a data breach occurred at Traffic Monsoon or within a sponsor’s organization — possibly in the summer of 2015.

The SEC, which charged Traffic Monsoon and alleged operator Charles David Scoville of Utah last month with running a massive, cross-border Ponzi scheme, did not immediately respond to a request for comment. Traffic Monsoon allegedly gathered at least $207 million.

If a breach can be substantiated, it would mean that certain personally sensitive information of at least hundreds of Traffic Monsoon participants has been compromised. The information appears initially to have been published on a website with an Arabic audience. The site also includes certain information in English, including what we’d describe as purported PayPal payment “proofs” for various amounts.

What’s clear at the moment is that the website uses the term Traffic Monsoon as two of the words that form its name. Information on the site suggests certain Traffic Monsoon participants in the United States, the Netherlands, Latvia, South Africa, India, Sweden, Malaysia, Germany, Canada, Serbia, Romania, Israel, Indonesia, the United Kingdom, Australia, the Philippines, Belgium, Argentina and other nations may have been affected.

This would not be the first time a “program’s” database has leaked onto the web. It previously has happened with cash-gifting schemes, perhaps particularly if sponsors were maintaining their own databases of recruits and did not secure them properly.