Cybercriminals are threatening to leak 5 million records from the stolen World-Check database. It is used by businesses to verify the trustworthiness of users.

A member of the hacker group GhostR claimed responsibility for the data theft. Their authenticity was confirmed by representatives of the London Stock Exchange Group (LSEG), which maintains the database. “This was not a security breach of LSEG/our systems. Information was illegally obtained from a third party system. We are liaising with the affected third party to ensure our data is protected and all relevant authorities are notified,” an LSEG spokesperson said.

The World-Check database collects information about unwanted individuals such as terrorists, money launderers, untrustworthy politicians, etc. It is used by companies during Know Your Customer (KYC) checks, including banks and other financial institutions, to confirm clients' identities.

World-Check is a subscription-only service that collects data from public sources such as official sanctions lists, regulatory agency lists, government sources and verified media publications.

The hackers said their first publication would include detailed information about thousands of people, including “members of the royal family.” The attackers provided The Register with a sample of stolen data from 10 thousand records for authentication. Scanning the sample revealed many names from different countries, and all of them were indeed in the database. Among them were politicians, judges, diplomats, terrorism suspects, money launderers, drug lords, websites and businesses.

The list also includes well-known cybercriminals, including those suspected of working for the Chinese group APT31, such as Zhao Guangzong and Ni Gaobin, who were added to the sanctions lists just a few weeks ago. Finally, the sample includes a Cypriot spyware firm.

World-Check data includes full names, the person's category (such as organized crime member or political activist), in some cases their specific job title, date and place of birth (if known), other known aliases, gender, and a little explanation as to why they appear on the list.

A previous version of the database was leaked online in 2016, when World-Check was owned by Thomson Reuters. At that time, only 2.2 million records were included in it. The database was posted on the Internet.

Despite aggregating data from supposedly reliable sources, World-Check was previously suspected of including innocent people. During the first leak, the investigation revealed inaccuracies in the data and a number of false classifications of those involved in the base as terrorists. Thus, several British accounts with HSBC bank were closed in 2014 after they were mistakenly added to the World-Check list. Then, in particular, the mosque in London's Finsbury Park, which in the past was visited by members of the terrorist Al-Qaeda, suffered from blockades. Back in 1997, the imam of this institution was convicted terrorist Abu Hamza al-Masri. However, in 2016 the mosque was run by a group backed by London's Metropolitan Police. Sources claimed that HSBC may have closed the mosque's account due to a donation made to an unidentified Palestinian organization during the 2015 conflict with Israel. In 2021, the mosque won a libel case against a news agency that had to pay unspecified damages for illegally listing the institution as a sponsor of terrorism, which led to the suspension of banking services.

bbabo.Net