In a major security leak, information of 2.2 million high-risk individuals from World-Check database got leaked online. Many government agencies, intelligence, banks, financial organizations, law enforcement, etc. use this database to identify individuals involved in illegal financial activities and even terrorism. Thomson Reuters, which maintains the database has confirmed the leak and has attributed it to a third party.
Chris Vickery, a security researcher at the software firm MacKeeper, posted the leak information on Reddit. He wrote,
This copy has over 2.2 million heightened-risk individuals and organizations in it. The terrorism category is only a small part of the database. Other categories consist of individuals suspected of being related to money laundering, organized crime, bribery, corruption, and other unsavory activities.
However, he added that he did not use hacking to acquire this data. He called it a more of a leak but not directly from Thomson Reuters. Thomson Reuters acknowledged this information and confirmed it in a statement,
Thomson Reuters was yesterday alerted to out-of-date information from the World-Check database that had been exposed by a third party. We are grateful to Chris Vickery for bringing this to our attention, and immediately took steps to contact the third party responsible.
It further said that the third party had taken down the information ensuring that such accident won’t take place in future.
What is World-Check and why is it such a big deal ?
As Vickery mentioned in his post, World-Check database contains sensitive information about heightened risk individuals , organizations and Politically Exposed Persons (PEP’s). And such kind of security leaks threaten to undermine the very purpose of such a huge database.
World-Check came into existence in 2000 with an aim to reduce financial crimes. Initially, financial institutions and banks used it to access, manage and remediate risk. Over the period of time, the value of database increased and many organizations from all sectors began to use it.
Today, many banks and law firms use World Check to minimize terrorist financing and money laundering. In 2011, Thomson Reuters acquired World-Check for $530 million as part of their Governance Risk and Compliance (GRC) unit.
According to vice.com, over 300 government and intelligence agencies, 49 banks out of 50 biggest banks, and 9 law firms out of top 10 global law firms use world-check at present. Among other categories, the database also contains a blacklist of 93,000 individuals suspected of having ties to terrorism.
Reportedly, over 350 research analysts in 11 research centers across five continents update this massive database. The research team at World-Check covers over 240 countries and territories worldwide monitoring emerging risks in more than 60 languages.