Hackers leak World-Check, sanctions, and crimes database


Hackers have stolen and leaked the London Stock Exchange Group’s (LSEG) World-Check screening database with over five million records on politically exposed persons (PEPs), criminals, risky organizations, and other institutions.

The database was uploaded to a well-known data leak forum, often used to trade stolen data. The attackers, calling themselves GhostR, claim that they obtained the database with 5.2 million records in March.

The Cybernews research team has looked into the data sample provided by the attackers and determined that the information appears to be legitimate. Meanwhile, LSEG told Cybernews the security incident did not involve any of the company's systems.

“This was not a security breach of LSEG/our systems. The incident involves a client’s data set, which includes a copy of the World-Check data file. This was illegally obtained from the client’s system. We are liaising with the client, to ensure our data is protected and ensuring that any appropriate authorities are notified,” LSEG said in a statement shared with Cybernews.

World Check leak
Attacker's post announcing the leak. Image by Cybernews.

The LSEG World-Check database allows users to perform “know your customer” checks (KYC) to comply with regulations and avoid entering partnerships with persons or entities involved in financial crime, terrorism, or other illicit activities.

The stolen data includes individuals’ names, surnames, job titles, background information, entity names, and the reasons for their inclusion in the list. The records contain thousands of people, diplomats, government officials, numerous private companies, individuals involved in organized crimes, intelligence operatives, suspected terrorists, and other information.

In a separate post announcing a different breach, GhostR revealed that the World-Check database was obtained after attackers penetrated Mustafa Centre, a Singapore-based 24-hour shopping mall that used the database.

The LSEG gained ownership of the database after it acquired the database’s creator, the financial data provider Refinitiv.

Updated on April 26th [01:20 p.m. GMT] with a statement from LSEG.


More from Cybernews:

Label working with Snoop Dogg and Iggy Azalea faces cyberthreat

ByteDance prefers TikTok shutdown in US if legal options fail

CISA’s ransomware warnings helped patch 852 vulnerabilities

BerryDunn suffers third-party breach, 1M affected

Qualcomm announces new chip in a bid to compete with Apple and Intel

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked