Hackers are threatening to publish a huge stolen sanctions and financial crimes watchlist


A financially motivated criminal hacking group says it has stolen a confidential database containing millions of records that companies use for screening potential customers for links to sanctions and financial crime.

The hackers, which call themselves GhostR, said they stole 5.3 million records from the World-Check screening database in March and are threatening to publish the data online.

World-Check is a screening database used for “know your customer” checks (or KYC), allowing companies to determine if prospective customers are high risk or potential criminals, such as people with links to money laundering or who are under government sanctions.The hackers told TechCrunch that they stole the data from a Singapore-based firm with access to the World-Check database, but did not name the firm.

A portion of the stolen data, which the hackers shared with TechCrunch, includes individuals who were sanctioned as recently as this year.

Simon Henrick, a spokesperson for the London Stock Exchange Group, which maintains the database, told TechCrunch: “This was not a security breach of LSEG/our systems. The incident involves a third party’s data set, which includes a copy of the World-Check data file. This was illegally obtained from the third party’s system. We are liaising with the affected third party, to ensure our data is protected and ensuring that any appropriate authorities are notified.”

LSEG did not name the third-party company, but did not dispute the amount of data stolen.

The portion of stolen data seen by TechCrunch contains records on thousands of people, including current and former government officials, diplomats, and private companies whose leaders are considered “politically exposed people,” who are at a higher risk of involvement in corruption or bribery. The list also contains individuals accused of involvement in organized crime, suspected terrorists, intelligence operatives, and a European spyware vendor.

The data varies by record. The database contains names, passport numbers, Social Security numbers, online crypto account identifiers and bank account numbers, and more.

World-Check is currently owned by the London Stock Exchange Group following a $27 billion deal to buy financial data provider Refinitiv in 2021. LSEG collects information from public sources, including sanctions lists, government sources, and news outlets, then provides the database as a subscription to companies for conducting customer due diligence.

But privately run databases, like World-Check, are known to contain errors that can affect entirely innocent people with no nexus or connection to crime but whose information is stored in these databases.

In 2016, an older copy of the World-Check database leaked online following a security lapse at a third-party company with access to the data, including a former advisor to the U.K. government that World-Check had applied a “terrorism” label to his name. Banking giant HSBC shut down bank accounts belonging to several prominent British Muslims after the World-Check database branded them with “terrorism” tags.

A spokesperson for the U.K.’s data protection authority, the Information Commissioner’s Office, did not immediately comment on the breach.


To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.

Leave a Reply

Your email address will not be published. Required fields are marked *