Terror-suspect database used by banks, governments, has been leaked
Thomson Reuters has secured the source of the leak
CSOnline: A database described by some as a “terrorism blacklist” has fallen into the hands of a white-hat hacker who may decide to make it accessible to the public online.
The database, called World-Check, belongs to Thomson Reuters and is used by banks, governments and intelligence agencies to screen people for criminal ties and links to terrorism.
Security researcher Chris Vickery claims to have obtained a 2014 copy of the database. He announced the details on Tuesday in a post on Reddit.“No hacking was involved in my acquisition of this data,” he wrote. “I would call it more of a leak than anything, although not directly from Thomson Reuters.”Vickery declined to share how he obtained the data, but he’s already contacted Thomson Reuters about securing the source of the leak.
In an email, Thomson Reuters said on Wednesday that it was “grateful” to Vickery for the alert. The “third-party” that leaked the database has taken it down, the company added.
Vickery has previously exposed database leaks related to Mexican voters, a Hello Kitty online fan community and medical records.
His copy of the World-Check database contains the names of over 2.2 million people and organizations declared “heightened risks.” Only a small part of the data features a terrorism category. Additional categories include individuals with ties to money laundering, organized crime, corruption and others.
He is asking Reddit users whether he should leak the database to the public. His concern is that innocent people with no criminal ties may have been placed on the list.
The information isn’t really secret either. Users can buy access to the database from Thomson Reuters.
Leaking the database, however, could create risks and tip off “actual bad guys” that they’ve been placed on the list, Vickery said.
Thomson Reuters declined to say how it might respond if Vickery decides to publicize the information. The World-Check database is sourced from the company’s analysts, “industry sources” and government records.
Related reading: Thomson Reuters World-Check KYC, AML, CFT and PEP Due Diligence
*****
Much more goes on besides just a terror database:
Truth Technologies’ Sentinel with World-Check lets you quickly and cost-effectively mitigate risks associated with PEPs, money laundering and terrorist financing. Sentinel gives you seamless access to the Data-File to determine whether customers are Politically Exposed Persons (PEPs), terrorists, or financial criminals, and to conduct enhanced due diligence. As a hosted solution for reducing your organization’s risk, there is no software for you to install, maintain or update, allowing you to focus on your core mission.
A comprehensive solution for regulatory compliance, World-Check’s risk intelligence database, contains hundreds of thousands of meticulously structured profiles on individuals and entities known to represent a financial, regulatory or reputation risk to organizations. Coverage includes; money launderers, fraudsters, terrorists, organized crime and sanctioned entities amongst other high risk categories. In addition, World Check tracks Politically Exposed Persons (PEPs) and their relationship networks plus individuals and businesses from other categories. World-Check’s database find direct application in financial compliance, Anti-Money Laundering (AML), Know Your Customer (KYC), PEP screening, Enhanced Due Diligence (EDD), fraud prevention, government intelligence and other identity authentication, background screening and risk prevention practices.
