InfoSecBulletin Cybersecurity for mankind
A criminal hacking group claims to have stolen the World-Check database with millions of records. The database is used by companies to check if potential customers have connections to financial crime or sanctions.
The group called GhostR stole 5.3 million records from the World-Check database in March and are threatening to release the data online.
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
World-Check is a database that companies use to check if potential customers are high-risk or potential criminals. It helps companies identify people with connections to money laundering or who are under government sanctions. The hackers claimed to have stolen the data from a Singapore-based company that has access to the World-Check database, but they did not reveal the name of the company.
A portion of the stolen data, which the hackers shared with TechCrunch, includes individuals who were sanctioned as recently as this year.
Simon Henrick, a spokesperson for the London Stock Exchange Group, clarified that the incident was not a security breach of their systems. Instead, it involved a third party’s data set, including a copy of the World-Check data file. This data file was illegally obtained from the third party’s system. The London Stock Exchange Group is working with the affected third party to protect their data and notify the appropriate authorities.
LSEG did not name the third-party company, but did not dispute the amount of data stolen.
TechCrunch saw stolen data with records on thousands of people, including government officials, diplomats, and leaders of private companies considered high risk for corruption or bribery. The list also includes people involved in crime, terrorism, intelligence, and a spyware vendor from Europe.
The data in the database is different for each record. It includes names, passport numbers, Social Security numbers, online crypto account identifiers, bank account numbers, and more.
World-Check is now owned by the London Stock Exchange Group after buying Refinitiv in a $27 billion deal in 2021. LSEG gathers information from public sources like sanctions lists, government sources, and news outlets, and offers the database to companies as a subscription for doing customer due diligence.
Private databases, such as World-Check, sometimes have errors that can unfairly implicate innocent people not involved in any criminal activity. These individuals have their information stored in these databases.
In 2016, the World-Check database was leaked online due to a security issue at a third-party company. This leak included information about a former advisor to the U.K. government who had been labeled as “terrorism” by World-Check. HSBC, a major bank, closed the bank accounts of some well-known British Muslims who were also labeled as “terrorism” in the World-Check database.
A spokesperson for the U.K.’s data protection authority, the Information Commissioner’s Office, did not immediately comment on the breach.
Source: Techcrunch, bankinfosecurity
