unknown hacker has secured the database for World Check, a kind of private database that accumulates the names and other information of people the different agencies of the free world consider to be the bad guys. Never knew it existed, but not surprised that it does. Not sure what releasing this information will or will not do but it seems significant. Hackers steal massive screening database and threaten to leak all the details online (msn.com) Another day, another supply chain attack with potentially devastating consequences - this time around, sensitive data from World-Check was stolen by a relatively unknown threat actor, which now threatens to release the database online. World-Check is a global database containing information on potentially high-risk people and entities. It is mostly used by financial institutions, governments, and other organizations, to run due diligence and comply with anti-money laundering, counter-terrorism financing, and sanctions screening laws. The company pulls data from various sources and creates profiles on people and organizations that could be associated with financial crime, terrorism, corruption, and similar. Other firms can then use this data to assess risks associated with their clients, business partners, and more. It was acquired by the London Stock Exchange Group (LSEG) which, in 2021, purchased Refinitiv (World-Check parent company) from Thomson Reuters - but it wasn’t World-Check, or LSEG, that were breached. It was an unnamed third party, allegedly based in Singapore, which had access to the World-Check database. TechCrunch spoke with the perpetrators, called GhostR, which said it stole 5.3 million records on thousands of people. Some of these people are government officials and diplomats, but there are also records on companies whose leaders are considered “politically exposed people”, or who are deemed susceptible to corruption or bribery. On the list are also persons accused of organized crime, terrorism, and more.
There is actually an important reason why it isn't public: who isn't on there. I'd strongly suspect that this is the money laundering businesses based in Russia, as they largely launder money for just about every large criminal enterprise in the world these days. The nice part of this being private is that it makes it harder for them to utilize the people not on that list, as they don't know who is on the list and who is not on the list.
The World Check list isn't that exciting. It relies on publicly available sources. It's value to banks is that it centralizes data on sanctions, legal actions, fines, people who work in politics, regulatory actions, etc and creates profiles which they regularly update when they find new information on a person/business. There's nothing salacious or secret there - it's a resource for banks to screen their customers against a centralized database so that each bank doesn't have to go out to thousands of sources themselves. It's not public because they charge (a lot) for access to their data.
Agree. More information is not always best. Sure, in likelihood a high percentage on the list are dirtbags; but, there will be some whose name(s) are similar to those who should be on the list, mistakes happen in general, etc. I think the internet has shown that knowing more and having more information has utility but isn't always in our best interest.