View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Hackers threaten to leak highly-sensitive data about politicians and exposed individuals

The information stolen from the World-Check database by hackers includes private information about politically exposed people potentially involved in terrorism or other offences.

By Livia Giannotti

A group of hackers is threatening to leak millions of records containing sensitive information about politically exposed persons (PEPs) and other heightened-risk individuals and companies.

world-check database is owned by LSEG
World-Check database is owned and maintained by the LSEG. (Photo by brookgardener/ Shutterstock)

The data was stolen from World-Check on Thursday by the unheard-of hacking group Ghost R, which claimed responsibility for the attack by contacting several media platforms including TechCrunch and The Register.

World-Check is a database used by financial institutions and other companies to conduct know-your-customer (KYC) checks, in particular to screen potential clients for money laundering, terrorism, bribery and corruption. It contains 5.3 million records obtained from global watch lists, government records, official sanctions lists and media searches.

Ghost R showed part of the stolen data to TechCrunch, which reported that it includes information about “individuals who were sanctioned as recently as this year”, and records “on thousands of people, including current and former government officials, diplomats” and “individuals accused of involvement in organised crime, suspected terrorists, intelligence operatives and a European spyware vendor”.

The information varies across records, but it often consists of names, social security and bank account numbers, and explanations for being a part of the database, potentially including criminal records. However, reports of innocent individuals being identified as terrorists by World-Check in 2016 could make the data leak all the more hazardous.

Ghost R said it would start releasing the stolen data “soon”, which will reportedly include information about UK royal family members.

A spokesperson for the London Stock Exchange Group (LSEG), which owns and maintains World-Check, told Tech Monitor that the security breach did not occur to LSEG or its systems. “The incident involves a third party’s data set, which includes a copy of the World-Check data file. This was illegally obtained from the third party’s system,” the spokesperson said.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

“We are liaising with the affected third party, to ensure our data is protected and ensuring that any appropriate authorities are notified,” LSEG told Tech Monitor.

World-Check data previously leaked online

It is not the first time that World-Check has fallen victim to a data breach. In 2016, an out-of-date version of the database was leaked online after a similar incident, when a third-party company with access to the database mistakenly leaked it online.

The 2016 breach revealed that a number of individuals were falsely identified as terrorists, causing them to be locked out of banks.

Read more: Cisco debuts new AI-powered ‘HyperShield’ security system

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.