A financially motivated one The criminal hacking group says it has stolen a confidential database containing millions of files that companies use to screen potential clients for links to sanctions and financial crime.
The hackers, calling themselves GhostR, said they stole 5.3 million records from the World-Check audit database in March and are threatening to release the data online.
World-Check is a screening database used for know-your-customer (or KYC) checks, allowing companies to determine whether prospective customers are high-risk or potential criminals, such as those with links to or subject to money laundering to government sanctions. The hackers told TechCrunch that they stole the data from a Singapore-based company with access to the World-Check database, but did not name the company.
Some of the stolen data, which the hackers shared with TechCrunch, includes people who were sanctioned just this year.
Simon Henrick, a spokesman for the London Stock Exchange Group, which maintains the database, told TechCrunch: “This is not a security breach of LSEG/our systems. The incident involves a third-party data set, which includes a copy of the World-Check data file. This was illegally obtained from third party system. We are working with the affected third party to ensure that our data is protected and ensure that the relevant authorities are notified.”
LSEG did not name the third company, but did not dispute the amount of data stolen.
The portion of stolen data seen by TechCrunch contains records on thousands of people, including current and former government officials, diplomats and private companies whose leaders are considered “politically exposed people,” who are at greater risk of involvement in corruption or bribery. The list also contains people accused of involvement in organized crime, suspected terrorists, intelligence agents and a European spyware seller.
Data varies by registration. The database contains names, passport numbers, social security numbers, online crypto account identifiers and bank account numbers, and more.
World-Check is currently owned by the London Stock Exchange Group following a $27 billion deal to buy financial data provider Refinitiv in 2021. LSEG collects information from public sources, including sanctions lists, government sources and news stories, and then provides the database to assist companies in conducting customer due diligence.
However, privately run databases such as World-Check are known to contain errors that can it affects completely innocent people without any relation or connection to crime, but whose information is stored in these databases.
In 2016, an older copy of the World-Check database leaked online after a security breach a third-party company with access to the data, including a former UK government adviser that World-Check had applied a “terrorism” label to his name. Banking giant HSBC closing bank accounts were owned by a number of prominent British Muslims after the World-Check database labeled them ‘terrorism’.
A spokesman for the UK’s data protection authority, the Information Commissioner’s Office, did not immediately comment on the breach.
To contact this reporter, contact on Signal and WhatsApp at +1 646-755-8849 or via email. You can also send files and documents via SecureDrop.
