A financially motivated hacking group claims to have gained access to a confidential database containing millions of records used by companies for screening potential customers for connections to sanctions and financial crime.
Identifying themselves as GhostR, the hackers disclosed that they acquired 5.3 million records from the World-Check screening database in March and are now threatening to disclose the data online.
World-Check serves as a screening database utilized for “know your customer” (KYC) checks, enabling companies to assess whether prospective customers pose a high risk or have potential links to criminal activities like money laundering or government sanctions. According to the hackers who spoke to TechCrunch, they obtained the data from a Singapore-based firm with access to the World-Check database but opted not to reveal the firm’s name.
Simon Henrick, a spokesperson for the London Stock Exchange Group (LSEG), which oversees the database, clarified to TechCrunch that the incident was not a security breach within LSEG’s systems. Instead, the incident involved a third party’s data set, including a copy of the World-Check data file, that was illicitly obtained from the third party’s system. LSEG is collaborating with the affected third party to safeguard its data and notify relevant authorities, although the third-party company remains unnamed by LSEG.
The stolen data shared with TechCrunch includes records of thousands of individuals, encompassing current and former government officials, diplomats, and leaders of private companies categorized as “politically exposed people” due to their heightened risk of involvement in corruption or bribery. The dataset also encompasses individuals accused of organized crime involvement, suspected terrorists, intelligence operatives, and a European spyware vendor.
Information contained in the database ranges from names and passport numbers to Social Security numbers, online crypto account identifiers, and bank account details.
World-Check, currently owned by the London Stock Exchange Group following its acquisition of financial data provider Refinitiv in 2021 for $27 billion, aggregates data from various public sources, such as sanctions lists, governmental sources, and news outlets. LSEG then offers the database to companies through subscription services for conducting customer due diligence.
However, privately managed databases like World-Check are prone to errors, potentially impacting entirely innocent individuals with no ties to criminal activity but whose data is stored within these databases.
In 2016, an older version of the World-Check database was leaked online following a security lapse at a third-party company with access to the data. That leak included a former advisor to the U.K. government whom World-Check had mislabeled as a “terrorism” suspect. Notably, banking giant HSBC closed the bank accounts of several prominent British Muslims after they were tagged with “terrorism” labels in the World-Check database.
The Information Commissioner’s Office, the U.K.’s data protection authority, did not immediately comment on the breach.