GhostR gang claims theft of 5.3M records of World-Check KYC database
Learn More
The criminal hacking group GhostR has claimed responsibility for stealing 5.3 million records from the World-Check database, a resource used globally for "know your customer" (KYC) screenings. This database helps companies identify potential customers who might pose a high risk due to connections with money laundering, sanctions, or other financial crimes. World-Check is owned by the London Stock Exchange Group (LSEG).
The breach reportedly occurred in March when GhostR accessed the database through a third-party Singapore-based firm, which remains unnamed but had legitimate access to LSEG World-Check.
Hackers have shown a samples of the stolen data to media companies, containing details on:
- individuals recently sanctioned this year,
- sensitive information about government officials, diplomats, and private company leaders classified as "politically exposed people" susceptible to corruption risks.
- suspected organized criminals, terrorists, intelligence operatives,
- a European spyware vendor.
This information includes:
- names,
- passport numbers,
- social security numbers,
- financial details like bank account numbers.
A spokesperson for the London Stock Exchange Group (LSEG) clarified that the breach was not of LSEG systems but of a third party's dataset containing World-Check data. LSEG is actively collaborating with the affected third party to secure the data and has informed appropriate authorities.
