A hacking group called GhostR claims to have stolen a massive database from World-Check and is threatening to leak it soon, with first leak targeting "thousands of individuals, including royal family members."
The database, maintained by the London Stock Exchange Group (LSEG) under the World-Check brand, reportedly contains information on millions of individuals and entities flagged for potential financial crime, terrorism, and other risks.
World-Check database is a key resource used by banks and financial institutions for know-your-customer (KYC) checks and to verify the trustworthiness of their customers.
For financial institutions, KYC checks are vital for preventing financial crime and adhering to anti-money laundering regulations.
TechCrunch says it reviewed a portion of the stolen data provided by GhostR. The sample revealed a concerning mix of individuals, including government officials, diplomats, suspected terrorists, intelligence operatives and even private companies.
GhostR told the publication that it hacked a Singapore-based firm with access to World-Check in March.
A spokesperson for the LSEG confirmed the incident but stressed that it was not a breach of their own systems.
"The compromised data originated from a third-party vendor," the spokesperson said.
LSEG says it is currently working with the affected firm to determine the scope of the breach and is taking steps to bolster data security across its network.
The full impact of this data breach remains to be seen.
LSEG, which currently owns World-Check, gathers information from public sources such as sanctions lists, government records, and news outlets. The database is offered to companies on a subscription basis for conducting customer due diligence.
World-Check became part of LSEG in 2021 following LSEG's acquisition of financial data company Refinitiv for $27 billion.
The database reportedly contains 5.3 million records with information such as names, Social Security numbers, passport numbers, bank account numbers, online crypto account identifiers, reason for inclusion, and more.
This isn't the first time World-Check has been compromised. A previous edition was leaked in 2016 when owned by Thomson Reuters, containing 2.2 million records.
That leak exposed flaws in the database, resulting in innocent people having their bank accounts closed.
Banking giant HSBC closed the accounts of several prominent British Muslims due to "terrorism" tags assigned by the World-Check database.
A former UK government advisor also found his name on the list with "terrorism" label attached, highlighting the potential for reputational damage and disrupted financial services for those wrongly included.
However, individuals concerned about their information being in the database can submit an inquiry to LSEG.
According to the LSEG World-Check website, individuals have the right to request a copy of their personal information held by LSEG, ask for updates to their personal information, and object to the processing of their personal data.
"An individual may, request that his/her personal information be updated or removed from World-Check," World-Check privacy policy page states.
"However, it is important to note that any right you may have to request updates or deletions to your personal information on World-Check is not absolute and we may be lawfully permitted to refrain from making any update or deletion to your personal information on World-Check. In such circumstances, we will explain to you why this is the case."
This article originally appeared on our sister site Computing.
