Threat Actor: GhostR | GhostR
Victim: World-Check | World-Check
Price: Not mentioned
Exfiltrated Data Type: Confidential database containing 5.3 million records
Additional Information:
- World-Check is a global database used by organizations for assessing potential risks associated with individuals and entities.
- The database is owned by LSEG (London Stock Exchange Group).
- The threat actor, GhostR, stole the database in March and threatened to publish the data online.
- The stolen data includes records on government officials, diplomats, politically exposed people, criminals, suspected terrorists, intelligence operatives, and a European spyware firm.
- Compromised data includes names, passport numbers, Social Security numbers, online crypto account identifiers, bank account numbers, and more.
- World-Check had different owners over the years, including Thomson Reuters and Refinitiv.
- The disclosure of the data poses a threat to individuals’ privacy and could lead to discrimination, persecution, or cyberattacks.
- The database has been criticized for including names of people and organizations mistakenly considered terrorists.
- In the past, copies of the World-Check database were accidentally exposed online and journalists gained access to it, revealing inaccuracies in the designations.
World-Check is a global database utilized by various organizations, including financial institutions, regulatory bodies, and law enforcement agencies, for assessing potential risks associated with individuals and entities. It compiles information from diverse sources like public records, regulatory filings, and proprietary databases to create profiles of entities susceptible to financial crime, terrorism, or corruption. World-Check aids organizations in conducting due diligence and adhering to regulatory standards concerning anti-money laundering (AML) and counter-terrorism financing (CTF).
World-Check is currently owned by LSEG (London Stock Exchange Group).
A financially motivated threat actor, called GhostR, announced the theft of a confidential database containing 5.3 million records from the World-Check.
The threat actor said that he stole the database in March and threatened to publish the data online.
The hackers told TechCrunch that they stole the database from a Singapore-based company that has access to the sensitive database, however, they did not name the victim organization.
The threat actors shared a portion of the stolen data with TechCrunch as proof of the hack, it includes records on current and former government officials, diplomats, and politically exposed people. The list also includes criminals, suspected terrorists, intelligence operatives and a European spyware firm.
Compromised data vary by individuals and organizations, it includes names, passport numbers, Social Security numbers, online crypto account identifiers and bank account numbers, and more.
World-Check had different owners across the years, it was originally founded as an independent company. Curiously, in 2011, Thomson Reuters acquired World-Check, then in October 2018, Thomson Reuters closed a deal with The Blackstone Group. As a result of this merger, World-Check became part of the new company, Refinitiv. LSEG acquired Refinitiv is 2021.
The disclosure of data in the archive poses a threat to the individuals whose data it contains. This is sensitive information that could lead to discrimination, persecution, or otherwise cause harm to individuals by violating their privacy and exposing them to various types of cyberattacks.
The database was criticized because it includes names of people and organizations that are mistakenly considered terrorists.
In June 2016, security researcher Chris Vickery found a copy of the World-Check database dated 2014 that was accidentally exposed online.
In August 2015, journalists from BBC’s Radio 4 gained 30 minutes of access thanks to the support of a disgruntled customer and demonstrated that the designations in the archive were inaccurate.
The Vice News also gained access to the World-Check archive in February 2016 arriving at the same conclusion after it analyzed some profiles in the database
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, GhostR)
Original Source: https://securityaffairs.com/162136/cyber-crime/hackers-threaten-leak-world-check.html