You are currently offline

Massive Data Breach Exposes 5.3 Million Sensitive Records in World-Check Database

The hacking group GhostR has claimed responsibility for stealing 5.3 million records from the World-Check screening database, which is used for "know your customer" checks. This database is used by companies to determine if prospective customers are high risk or potential criminals, such as people with links to money laundering or who are under government sanctions. The stolen data includes information on thousands of people, including current and former government officials, diplomats, and private companies whose leaders are considered "politically exposed people," who are at a higher risk of involvement in corruption or bribery. The data varies by record and includes names, passport numbers, Social Security numbers, online crypto account identifiers, and bank account numbers.

The London Stock Exchange Group (LSEG), which maintains the database, has confirmed the breach and stated that it was not a security breach of their systems but rather a third party's data set that was illegally obtained from a Singapore-based firm with access to the World-Check database. The company is currently liaising with the affected third party to ensure that their data is protected and that appropriate authorities are notified.

World-Check is a screening database used for "know your customer" checks, allowing companies to determine if prospective customers are high risk or potential criminals, such as people with links to money laundering or who are under government sanctions. The database is currently owned by the London Stock Exchange Group following a $27 billion deal to buy financial data provider Refinitiv in 2021. LSEG collects information from public sources, including sanctions lists, government sources, and news outlets, then provides the database as a subscription to companies for conducting customer due diligence.

The stolen data includes individuals who were sanctioned as recently as this year, indicating that the breach is a significant one. The portion of stolen data seen by TechCrunch contains records on thousands of people, including current and former government officials, diplomats, and private companies whose leaders are considered "politically exposed people," who are at a higher risk of involvement in corruption or bribery. The list also contains individuals accused of involvement in organized crime, suspected terrorists, intelligence operatives, and a European spyware vendor.

The World-Check database is known to contain errors that can affect entirely innocent people with no nexus or connection to crime but whose information is stored in these databases. In 2016, an older copy of the World-Check database leaked online following a security lapse at a third-party company with access to the data, including a former advisor to the U.K. government that World-Check had applied a "terrorism" label to his name. Banking giant HSBC shut down bank accounts belonging to several prominent British Muslims after the World-Check database branded them with "terrorism" tags.

The hackers, which call themselves GhostR, said they stole 5.3 million records from the World-Check screening database in March and are threatening to publish the data online. GhostR told TechCrunch that they stole the data from a Singapore-based firm with access to the World-Check database but did not name the firm. The stolen data includes individuals who were sanctioned as recently as this year, indicating that the breach is a significant one.

Simon Henrick, a spokesperson for the London Stock Exchange Group, which maintains the database, told TechCrunch: "This was not a security breach of LSEG/our systems. The incident involves a third party’s data set, which includes a copy of the World-Check data file. This was illegally obtained from the third party’s system. We are liaising with the affected third party, to ensure our data is protected and ensuring that any appropriate authorities are notified."

The portion of stolen data seen by TechCrunch contains records on thousands of people, including current and former government officials, diplomats, and private companies whose leaders are considered "politically exposed people," who are at a higher risk of involvement in corruption or bribery. The list also contains individuals accused of involvement in organized crime, suspected terrorists, intelligence operatives, and a European spyware vendor.

The World-Check database is used by companies to conduct customer due diligence, and the stolen data could potentially be used for malicious purposes. The London Stock Exchange Group has stated that they are liaising with the affected third party to ensure that their data is protected and that appropriate authorities are notified.

The breach highlights the importance of data security and the need for companies to ensure that their data is protected. The London Stock Exchange Group has stated that the incident does not involve a security breach of their systems but rather a third party's data set that was illegally obtained from a Singapore-based firm with access to the World-Check database. The company has not disputed the amount of data stolen and is currently working to ensure that the data is protected.

The breach also raises questions about the accuracy and reliability of privately run databases like World-Check, which are used by companies to conduct customer due diligence. These databases are known to contain errors that can affect entirely innocent people with no nexus or connection to crime but whose information is stored in these databases.

In 2016, an older copy of the World-Check database leaked online following a security lapse at a third-party company with access to the data, including a former advisor to the U.K. government that World-Check had applied a "terrorism" label to his name. Banking giant HSBC shut down bank accounts belonging to several prominent British Muslims after the World-Check database branded them with "terrorism" tags.

The London Stock Exchange Group has stated that the incident does not involve a security breach of their systems but rather a third party's data set that was illegally obtained from a Singapore-based firm with access to the World-Check database. The company is currently working with the affected third party to ensure that their data is protected and that appropriate authorities are notified.

The breach highlights the importance of data security and the need for companies to ensure that their data is protected. The London Stock Exchange Group has stated that the incident does not involve a security breach of their systems but rather a third party's data set that was illegally obtained from a Singapore-based firm with access to the World-Check database. The company is currently working to ensure that the data is protected.

The breach also raises questions about the accuracy and reliability of privately run databases like World-Check, which are used by companies to conduct customer due diligence. These databases are known to contain errors that can affect entirely innocent people with no nexus or connection to crime but whose information is stored in these databases.

In conclusion, the breach of the World-Check database is a significant one, with 5.3 million records stolen and potentially being used for malicious purposes. The London Stock Exchange Group, which maintains the database, has stated that it was not a security breach of their systems but rather a third party's data set that was illegally obtained from a Singapore-based firm with access to the World-Check database. The company is currently working with the affected third party to ensure that their data is protected and that appropriate authorities are notified. The breach highlights the importance of data security and the need for companies to ensure that their data is protected, as well as the need for accurate and reliable customer due diligence databases.

GhostR has claimed responsibility for stealing 5.3 million records from the World-Check screening database, which is used for "know your customer" checks
GhostR has claimed responsibility for stealing 5.3 million records from the World-Check screening database, which is used for "know your customer" checks
Share Article:
Editor

Group of selected Authors

Post a Comment (0)
Previous Post Next Post