The “No-fly list,” a secret database of terrorism suspects, was accidentally leaked to the media last week.

The low-budget transport company CommuteAir had left reams of private data on a public server, the hacker Maia Arson Crimew discovered. That data included 1.5 million names on the Terrorism Screening Database, a controversial watchlist compiled by the FBI and shared with airlines.

Crimew contacted CommuteAir to warn them of the data breach, but then shared the list with the Daily Dot and a few other media outlets. CommuteAir confirmed in public statements that the data is genuine.

The list reportedly includes 1.5 million names, including an eight-year-old child and prominent Irish politician Gerry Adams, who has been accused of supporting armed resistance against the British government. Most of the names on the list were Muslim or Arab, according to Business Insider.

U.S. courts ruled in 2019 that the no-fly list was too vague and violated the Constitution, but an appeals court reversed the ruling and allowed the list to continue in 2021, according to Law Crime News.

Many travelers, including a US senator and a retired brigadier general, have complained of being mistaken for terrorism suspects on the list.

The Transportation Security Administration said it was looking into the leak, and congressional Homeland Security Committee member Daniel Bishop also vowed to investigate, according to CNN.