A financially motivated criminal hacking group says it has stolen a confidential database containing millions of records used by companies to screen potential customers for links to sanctions and financial crimes.
The hackers, who call themselves GhostR, said in March they stole 5.3 million records from the World-Check testing database and threatened to publish the data online.
World-Check is a screening database used for “Know Your Customer” checks (KYC), which allows businesses to identify potential customers as high-risk, such as those involved in money laundering or under government sanctions. , you can determine if you are a potential criminal. The hackers told TechCrunch that they stole the data from a Singapore-based company with access to the World-Check database, but declined to name the company.
Some of the stolen data the hackers shared with TechCrunch also includes individuals who were sanctioned earlier this year.
Simon Henrik, a spokesperson for London Stock Exchange Group, which manages the database, told TechCrunch: This incident involves a third-party data set that includes a copy of the World-Check data file. This was obtained fraudulently from a third party system. We work with affected third parties to ensure that data is protected and the appropriate authorities are notified. ”
LSEG did not name the third-party company but did not dispute the amount of data stolen.
Some of the stolen data seen by TechCrunch includes records on thousands of people, including current and former government officials, diplomats, and private companies, whose leaders are known as “politically exposed individuals.” The risk of involvement in corruption and bribery is high. The list also includes people accused of involvement in organized crime, terrorist suspects, intelligence agents and European spyware vendors.
Data varies by record. The database includes names, passport numbers, social security numbers, online cryptographic account identifiers, bank account numbers, and more.
World-Check is now owned by the London Stock Exchange Group after striking a deal to acquire financial data provider Refinitiv for $27 billion in 2021. LSEG collects information from public sources such as sanctions lists, government sources, and media outlets and provides its database as a database. Subscriptions to companies to perform customer due diligence.
However, privately operated databases like World-Check have no connection to crime and have the potential to impact completely innocent people whose information is stored in the database. It is known to contain certain errors.
In 2016, an old copy of the World-Check database was leaked online due to a security flaw in a third-party company that had access to the data. Among them was a former adviser to the British government, to whom World-Check had applied the “terrorist” label. Banking giant HSBC has closed the bank accounts of several prominent British Muslims after its World Check database tagged them as 'terrorism'.
A spokeswoman for the Information Commissioner's Office, the UK's data protection authority, did not immediately comment on the breach.
Contact this reporter via Signal and WhatsApp (+1 646-755-8849) or email. You can also send files and documents via SecureDrop.