Panama Papers: Who is responsible for Mossack Fonseca email server leak?

Mossack Fonseca, the Panama-based law firm at the centre of a global money scandal exposing how the world's rich hide their cash, has blamed the unprecedented leak of over 11 million customer records on a computer hack against an email server.

Ramon Fonseca, one of the co-founders of Mossack Fonseca, told Panama's Channel 2 that, although authentic, the documents being poured over by global media outlets were 'obtained illegally by hackers'.

Larger in scope than anything released by whistleblowing site WikiLeaks or former NSA-contractor Edward Snowden, the Panama Papers have implicated powerful figures, such as the king of Saudi Arabia, the prime ministers of Iceland and Pakistan and close aides of President Vladimir Putin in alleged financial misconduct.

The client email

In a copy of an internal email dated 1 April, seen by IBTimes UK, Mossack Fonseca marketing director Carlos Sousa-Lennox said an investigation was underway, and confirmed that it had "unfortunately" suffered an attack on its email server – adding that the firm was taking "all necessary steps to prevent it happening again."

"There was unauthorised access to our email server through which certain information was gleaned by outside parties," the email stated. "The identity of certain individuals and information on aspects of their affairs may have been exposed as a result of this unauthorised access. We do not yet know the identity or the motivation of the persons who have committed this act."

"The information, that has been accessed from our files has fallen into the hands of reporters from certain media outlets who have been taking information out of context and making false assumptions about the nature of our services.

"They have already contacted us in an effort to confirm their allegations and ask further questions. We have responded in a general manner and have not provided details that would further expose confidential information. We believe they are also attempting to contact individuals whose information is contained in the materials, illegally taken from the content of emails that have been exposed."

There has been a lot of focus on the leaked documents but not as much on the source of the information. Pertinent questions remain about the culprit's identity and it remains unclear if the 'unauthorised access' was the work of 'hackers' or a concerned whistleblower from within the organisation. German newspaper, Süddeutsche Zeitung, who first obtained the documents, has said that the source wanted "neither financial compensation nor anything else in return" for the documents – aside from security measures.

As previously reported, the leaked data gave an insight on the private wealth of 72 current or former heads of state who have used shell companies and offshore accounts, often through close associates or family members.