ICIJ Offshore Leaks Database

Search 810,000+ offshore entities from five major leak investigations — Panama Papers, Pandora Papers, Paradise Papers, Bahamas Leaks, and Offshore Leaks.

Newsgathering

Built for journalism

Adequate

https://offshoreleaks.icij.org · Reviewed 2026-04-02 · Editorial assessment by Mike Schneider — not an independent security audit

What should journalists know about ICIJ Offshore Leaks Database?

The Offshore Leaks Database is the public-facing output of the largest collaborative journalism projects ever undertaken. It aggregates five investigations spanning 2013 to 2022: the original Offshore Leaks (Portcullis Trustnet, Commonwealth Trust Limited), the Panama Papers (Mossack Fonseca), the Bahamas Leaks (Bahamas corporate registry), the Paradise Papers (Appleby + seven corporate registries), and the Pandora Papers (14 offshore service providers). The database covers 810,000+ offshore entities linked to people and companies in 200+ countries, with records spanning 80+ years through 2020. In January 2025, ICIJ added a Reconciliation API that lets you match your own datasets — names, addresses, entities — against the full database programmatically. The graph visualization (powered by Neo4j) is the real power feature: it maps the relationships between entities, officers, intermediaries, and addresses, revealing networks you'd never find in flat tabular data. This is where follow-the-money investigations start.

Best for

Searching for individuals or companies with offshore financial structures. Starting points for follow-the-money and beneficial-ownership investigations. Cross-referencing names against five major leak datasets. Mapping corporate networks through graph visualization. Matching your own datasets against offshore records via the Reconciliation API.

Not for

The database is a curated subset of the leaked documents, not the full archives. No bank account details, transaction records, or underlying source documents. Absence from the database does not mean absence from the leaks — ICIJ withholds passport numbers, financial transactions, and other sensitive material. Not a substitute for corporate registries (OpenCorporates has 200M+ companies vs. 810K here). Not evidence of wrongdoing — offshore structures are legal.

Security & Privacy

Encryption in transit Yes

Data is scrambled while being sent to their servers

Encryption at rest Yes

Data is scrambled when stored on their servers

Data jurisdiction United States. ICIJ is a 501(c)(3) nonprofit based in Washington, DC.

Where servers are located — affects which governments can request your data

Security rating Adequate

No account required to search. ICIJ is a nonprofit journalism organization — no ads, no data sales. Standard web server logs may record IP addresses and search queries. The Reconciliation API processes your submitted data server-side to match against records. ICIJ does not disclose what queries users run.

How to protect yourself:

No login needed for basic searches — just go. Use a VPN if your research targets are sensitive, since your search queries hit ICIJ's US-based servers. Download the full CSV or Neo4j dump for local analysis if you need to search without network exposure. Cross-reference results with OpenCorporates (corporate registries), PACER/RECAP (court records), OpenSanctions (sanctions lists), and Aleph (OCCRP's cross-border database) for a fuller picture. Remember: presence in the database means an offshore connection was documented, not that laws were broken.

Nonprofit-operated public database with no account requirement and minimal data collection. The main operational security consideration is that your search queries are processed on ICIJ's US-based servers — if you're investigating entities that monitor their own exposure, your query pattern could be revealing. Download the bulk data for local querying if that matters. The Reconciliation API sends your match data to ICIJ servers for processing, so don't submit sensitive source lists without considering that.

Who Owns This

Owner ICIJ (International Consortium of Investigative Journalists)

Funding Nonprofit. Funded by journalism foundations, individual donations, and government transparency grants. The 2025 Reconciliation API was funded by Germany's GIZ (Deutsche Gesellschaft für Internationale Zusammenarbeit).

Business model Nonprofit journalism organization. ~50 staff, network of 280 investigative journalists across 100+ countries and 140+ media partners. 2022 revenue was $6.4M. Major funders include Adessium Foundation, Ford Foundation, Open Society Foundations, and Luminate (which has contributed $6M+ since 2017). The database is a free public resource — ICIJ's funding comes entirely from grants and donations.

Known issues

Data is from leaked files, not standardized registries — expect duplicates, inconsistent formatting, and data entry errors, including within the same leak. Country matching is automated and sometimes wrong. Not every officer appears: ownership information is often buried in emails and internal memos that can't be systematically extracted. In the Panama Papers specifically, Mossack Fonseca often failed to collect real beneficial ownership data, relying on intermediary banks instead. The database has not been updated with new leak data since May 2022 (Pandora Papers final batch). WikiLeaks and others have criticized ICIJ for not releasing the underlying raw documents — ICIJ's position is that privacy and source protection require withholding bulk source material. Names in the database can be common (false positive risk is real) — always verify identity through additional sources.

Pricing

Free. No account required to search. Bulk CSV and Neo4j downloads also free.

This is an editorial assessment based on publicly available information as of 2026-04-02, using our published methodology. Independent security review is pending. Security posture can change at any time. This is not a guarantee of safety.

Something wrong or outdated? Report it.