A financially motivated criminal hacking group says it has stolen a confidential database containing millions of records that companies use for screening potential customers for links to sanctions and financial crime.
The hackers, which call themselves GhostR, said they stole 5.3 million records from the World-Check screening database in March and are threatening to publish the data online.
World-Check is a screening database used for “know your customer” checks (or KYC), allowing companies to determine if prospective customers are high risk or potential criminals, such as people with links to money laundering or who are under government sanctions. The hackers told TechCrunch that they stole the data from a Singapore-based firm with access to the World-Check database, but did not name the firm.
A portion of the stolen data, which the hackers shared with TechCrunch, includes individuals who were sanctioned as recently as this year.
Simon Henrick, a spokesperson for the London Stock Exchange Group, which maintains the database, told TechCrunch: “This was not a security breach of LSEG/our systems. The incident involves a third party’s data set, which includes a copy of the World-Check data file. This was illegally obtained from the third party’s system. We are liaising with the affected third party, to ensure our data is protected and ensuring that any appropriate authorities are notified.”
LSEG did not name the third-party company, but did not dispute the amount of data stolen.
The portion of stolen data seen by TechCrunch contains records on thousands of people, including current and former government officials, diplomats, and private companies whose leaders are considered “politically exposed people,” who are at a higher risk of involvement in corruption or bribery. The list also contains individuals accused of involvement in organized crime, suspected terrorists, intelligence operatives and a European spyware vendor.
The data varies by record. The database contains names, passport numbers, Social Security numbers, online crypto account identifiers and bank account numbers, and more.
World-Check is currently owned by the London Stock Exchange Group following a $27 billion deal to buy financial data provider Refinitiv in 2021. LSEG collects information from public sources, including sanctions lists, government sources and news outlets, then provides the database as a subscription to companies for conducting customer due diligence.
But privately run databases, like World-Check, are known to contain errors that can affect entirely innocent people with no nexus or connection to crime but whose information is stored in these databases.
In 2016, an older copy of the World-Check database leaked online following a security lapse at a third-party company with access to the data, including a former advisor to the U.K. government that World-Check had applied a “terrorism” label to his name. Banking giant HSBC shut down bank accounts belonging to several prominent British Muslims after the World-Check database branded them with “terrorism” tags.
A spokesperson for the U.K.’s data protection authority, the Information Commissioner’s Office, did not immediately comment on the breach.
Press Release from Carey Olsen, Friday 23 February, 2024. Carey Olsen and Alter Domus have advised healthcare and sustainability investment firm Gyrus Capital S.A (“Gyrus”) on the final
Summary of the decisionBanks play a crucial role in the fight against subversive crime because of their unique access to financial information and transaction flows. This is precisely why it is essential
MPs have demanded HMRC puts an end to the vast sums of public money being lost to offshore tax avoidance, which they say the agency has drastically underestimated. In a letter sent on Wednesday, the
The number of civil investigation cases opened by a HM Revenue and Customs (HMRC) fraud unit investigating offshore, corporate and wealthy taxpayers has fallen by more than half in five years, figures