Friday , September 6 2024
London Stock Exchange

Hacker Threatens to Expose Sensitive World-Check Database

A criminal hacking group claims to have stolen the World-Check database with millions of records. The database is used by companies to check if potential customers have connections to financial crime or sanctions.

The group called GhostR stole 5.3 million records from the World-Check database in March and are threatening to release the data online.

Cisco released security updates for two critical security flaws

CISCO released security updates for two critical security flaws impacting its smart Licensing Utility that could allow unauthenticated, remote attackers...
Read More
Cisco released security updates for two critical security flaws

OpenBAS: Cutting-edge breach and attack simulation platform

OpenBAS is a platform that helps organizations to plan, schedule, and conduct crisis exercises, adversary simulations, and breach simulations. OpenBAS...
Read More
OpenBAS: Cutting-edge breach and attack simulation platform

Critical Security Flaws Patched in Zyxel Networking Devices

Zyxel has released software updates to fix a serious security issue in certain access point (AP) and security router versions....
Read More
Critical Security Flaws Patched in Zyxel Networking Devices

CVE-2024-38811: CEV In VMware Fusion Unveiled

VMware released a security advisory for a major vulnerability in the VMware Fusion product. This vulnerability could be exploited by...
Read More
CVE-2024-38811: CEV In VMware Fusion Unveiled

CERT-IN Warns Vulnerabilities in Palo Alto Networks applications

Indian Computer Emergency Response Team (CERT-IN) issued advisories about multiple vulnerabilities in various Palo Alto Networks applications. Attackers could exploit...
Read More
CERT-IN Warns Vulnerabilities in Palo Alto Networks applications

How Malaysia’s Data Centre Industry Poised for Growth

Malaysia is quickly becoming a leading choice for investing in data centers. It aims to generate RM3.6 billion (US$781 million)...
Read More
How Malaysia’s Data Centre Industry Poised for Growth

RansomHub exfiltrated data over 210 victims: US alert

US authorities have issued a cybersecurity advisory about a ransomware group called RansomHub. The group is thought to have stolen data...
Read More
RansomHub exfiltrated data over 210 victims: US alert

Godzilla Fileless Backdoor Exploits Atlassian Confluence flaw

There is a new way to attack Atlassian Confluence using the vulnerability CVE-2023-22527. The Confluence Data Center and Server products...
Read More
Godzilla Fileless Backdoor Exploits Atlassian Confluence flaw

New Cicada ransomware targets VMware ESXi servers

The Cicada3301 ransomware is made in Rust and attacks Windows and Linux/ESXi hosts. Truesec researchers examined a version that targets...
Read More
New Cicada ransomware targets VMware ESXi servers

Monday hits two UK bank apps causes outages

Lloyds Bank and Virgin Money's internet banking services were down on Monday, causing trouble for users to access and view...
Read More
Monday hits two UK bank apps causes outages

World-Check is a database that companies use to check if potential customers are high-risk or potential criminals. It helps companies identify people with connections to money laundering or who are under government sanctions. The hackers claimed to have stolen the data from a Singapore-based company that has access to the World-Check database, but they did not reveal the name of the company.
A portion of the stolen data, which the hackers shared with TechCrunch, includes individuals who were sanctioned as recently as this year.

Simon Henrick, a spokesperson for the London Stock Exchange Group, clarified that the incident was not a security breach of their systems. Instead, it involved a third party’s data set, including a copy of the World-Check data file. This data file was illegally obtained from the third party’s system. The London Stock Exchange Group is working with the affected third party to protect their data and notify the appropriate authorities.

LSEG did not name the third-party company, but did not dispute the amount of data stolen.

TechCrunch saw stolen data with records on thousands of people, including government officials, diplomats, and leaders of private companies considered high risk for corruption or bribery. The list also includes people involved in crime, terrorism, intelligence, and a spyware vendor from Europe.

The data in the database is different for each record. It includes names, passport numbers, Social Security numbers, online crypto account identifiers, bank account numbers, and more.
World-Check is now owned by the London Stock Exchange Group after buying Refinitiv in a $27 billion deal in 2021. LSEG gathers information from public sources like sanctions lists, government sources, and news outlets, and offers the database to companies as a subscription for doing customer due diligence.

Private databases, such as World-Check, sometimes have errors that can unfairly implicate innocent people not involved in any criminal activity. These individuals have their information stored in these databases.

In 2016, the World-Check database was leaked online due to a security issue at a third-party company. This leak included information about a former advisor to the U.K. government who had been labeled as “terrorism” by World-Check. HSBC, a major bank, closed the bank accounts of some well-known British Muslims who were also labeled as “terrorism” in the World-Check database.

A spokesperson for the U.K.’s data protection authority, the Information Commissioner’s Office, did not immediately comment on the breach.

Source: Techcrunch, bankinfosecurity

Check Also

Chart

Minecraft Server faced 3.15 Billion Packet Rate DDoS Attack

Global Secure Layer (GSL) recently mitigated a huge volume of DDoS attack ever recorded. The …

Leave a Reply

Your email address will not be published. Required fields are marked *