mrangle 14 days ago

"Hackers" want to publicly snitch on those with supposed "links" to financial crime and sanctions. Not convictions nor actual sanctions, but links. Like the same brand of hacker that is all in on bitcoin, anarchy, etc? Hackers are shaming agents in service of the State Department now? Sell us another one.

People should not be de-personed because a bank thinks that they are risky. The population, in general, needs to stop pretending that anonymous "hackers" are legitimate justice advocates instead of the likely state actors that they are. Unless they want anything of the sort to be co-opted and then utilized against them.

  • nimbius 14 days ago

    These are KYC checks so the information is very interesting if you're the average joe.

    The US Bank Secrecy Act prohibits you from ever knowing the details of a SAR, or suspicious activity report. There are criminal punishments if a bank were to tell you a SAR had even been filed against you. https://en.wikipedia.org/wiki/Suspicious_activity_report

    If this agency does not capitulate to the demands of hackers, then 5.3 million people would suddenly know their SAR/KYC status. It would do quantifiable harm to the prosecution of financial crimes globally.

    • johnmaguire 13 days ago

      From your link:

      > A 2020 Bank Policy Institute study found that American SARs elicited a response from law enforcement in a median of 4% of reports, and that a tiny subset of those responses resulted in arrest and conviction, suggesting that 90% to 95% of SARs reports were false positives of unlawful activity.[5]

      Anecdotally, I've heard of many people having issues with this system.

      I find the claim that "it would do quantifiable harm to the prosecution of financial crimes globally" technically true (it is quantifiable), but to be overall exaggerated as to its actual harm.

      • kube-system 13 days ago

        That's not surprising. There are plenty of suspicious things that aren't illegal. Moving $10k in cash around can often be legal, but could trigger a SAR. SARs aren't just supposed to catch illegal things. They catch suspicious things, and illegal things will be a small subset of those.

        • FireBeyond 13 days ago

          Is it just cash? I was doing some freelancing and as I invoiced each month, I'd often generate a cashier's check from my business checking account to my personal checking, that varied between 9-12K a month. I was "warned" by my credit union about this and that there could be flags raised, but my response was, "what am I meant to do? That number is derived from my consulting hourly rate and the work I put in each month."

          • reaperman 13 days ago

            I believe the way to avoid SAR here is to file for an LLC, then create a business account, then pay yourself whatever wage via direct deposit for 1099/W-2/capital divestment payments. I'm not saying that you should have to do that, but I believe it's the best way to avoid SAR.

            • panarky 13 days ago

              When you own a company, you can direct that company to pay you.

              There are many names for the payments to owners, such as "dividend", "loan", "draw", etc. None of these payments are suspicious if both you and your business account for them properly.

              You don't need to disguise payments to owners as wages or 1099s, but you're free to do so if for some reason it's advantageous. But don't do it just for the appearance of legitimacy.

              • reaperman 13 days ago

                There are some rules that kind of establish a minimum amount you need to pay yourself for your own labor (either W-2 or 1099), I don’t think you can take 100% as capital divestments, but otherwise yes totally agree with you. I meant paying yourself however is most advantageous for your earnings/tax/savings situation.

          • kube-system 13 days ago

            No, I just picked one example, there are a lot of things that could trigger it

    • FireBeyond 13 days ago

      KYC checks have in the past resulted in me being unable to open a bank account due to a "discrepancy" between my SSN and my DOB (due to me being an immigrant).

      The flip side of your comment is that 1 in 60 (including minors) people in the USA are on a watch list for financial crime.

      I think more worrying as a society is not the risk to prosecution of financial crimes (this list being uncovered does not erase evidence of previous or current financial crimes in progress) is how those 1 in 60 people got to be on such a list in the first place.

      • kube-system 13 days ago

        That doesn't really sound like a lot, in the scheme of things. Almost 1 in 3 Americans (adults) have been arrested for a felony crime. (edit: have a criminal record)

        • Retric 13 days ago

          I think you’re misremembering that statistic. 1/3 of Americans have some form of criminal record, but not all crimes are felonies, anyone with a traffic ticket counts.

          https://www.ncsl.org/civil-and-criminal-justice/criminal-rec...

          • t-3 13 days ago

            Most traffic violations are civil infractions, not criminal (unless there's many repetitions of the same CI to elevate it to a criminal charge, it's not going to be on a criminal record).

            • Retric 13 days ago

              Yes and no, in the same way that Social Security is and is not an income tax. A minor speeding ticket does and doesn’t get added to your criminal record.

        • marcosdumay 13 days ago

          > Almost 1 in 3 Americans (adults) have been arrested for a felony crime.

          That one is absurd. How do your governments (on all spheres) keep up? Do they even know who is arrested?

          • kube-system 13 days ago

            They... keep records? It's not like they have to memorize it lol

            • marcosdumay 13 days ago

              They keep searchable records so that criminals get to see a judge when their sentence finishes?

              Or they keep local records that nobody looks at or knows if they are correct?

              Because if it's the first one, kudos for whoever created that system. Plenty of countries fail with way less prisoners/inhabitant.

              • t-3 13 days ago

                Every arrest is logged into a database run by the FBI, along with the data (ID, fingerprints, description, arrest records, etc.). I don't think all states/jurisdictions are part of the information sharing program, but the majority are at least, and some of that data is even shared internationally when people go through customs IIRC.

        • mistrial9 13 days ago

          that is false information

  • krunck 13 days ago

    If I was incorrectly "linked" to some financial crimes I'd like to know about it. If others make decisions based on this data that affect me personally then I'd like to know about it. I have to pay to know about it. But any powerful/wealthy person who has done things that could get them on the list probably has the means to see the list for themselves.

    • fullspectrumdev 13 days ago

      Send a data access request (under GDPR if you are in the EU).

      I did so a few years ago and found I’m on their shit list :)

      • redavni 13 days ago

        I'd be wondering if sending the request was enough to get you on the list.

  • nradov 14 days ago

    Hackers come in many different flavors. It's entirely possible that this group is state sponsored. Would that really change anything?

    I don't see anyone seriously claiming that leaking this data would deliver any sort of legitimate justice.

    • mrangle 14 days ago

      My point was that it should change public support for their intended data release.

      Because no one should be ok with the State anonymously doxxing uncharged targets, let alone people who are merely on lists as being known to have "links".

      I assume that such an action would be to create both leverage and punishment, outside of what legal constraints would otherwise allow.

      The nature of democracy is such that the government can't punish individual citizens via stealth practices, and the citizenry can't be ok with it.

      Generally speaking, this type of thing would have been vetted by a journalist. Who would have acted as the final release valve, after verifying that the source was legitimate and not, for example, the government itself. While keeping the source confidential, and vetting the information for the ethics and justification for its release.

      But today it would be foolish to trust most journalists with that process. And so the public are left with the judgement as to the possible motivations, identities, and probable legitimacy of the actions of anonymous sources who, for whatever reason, aren't first releasing to journalists. Backstops removed, such an action represents a lot of social risk and begs questions.

  • Terr_ 13 days ago

    I'm confused, is this a restatement of "call the bad ones crackers not hackers" debates of a couple decades ago?

ghostpepper 14 days ago

It’s an interesting perspective for the LSEG to say (paraphrasing) “we maintain a sensitive database that we gave to a third party (presumably with some amount of vetting, since the data is sensitive) and that third party did not adequately secure it, therefore this is not a security lapse on our part”

I’m not sure if I buy it.

  • hardlianotion 13 days ago

    I was going to make this point. It is of course a breach of security on their part. If a company believes that the data they collect is sensitive, then they need to take great care about the partners they share information with, including their capacity to protect it - it's a matter of common sense that the easiest places to breach will be the places suffering the data leak.

  • meragrin_ 13 days ago

    If the hackers phished the customers of the third-party and used their accounts to scrape the information in some way, would you consider that a security lapse on LSEG's part?

  • lazide 14 days ago

    Pass-the-buck is the oldest game in the book.

pseingatl 14 days ago

Is there some reason why these records should not be public? Making them public would lead both to greater accuracy and their more widespread use keeps criminals out of the financial systems.

  • TacticalCoder 13 days ago

    > Making them public would lead both to greater accuracy and their more widespread use keeps criminals out of the financial systems.

    What about arresting criminals for their actual crimes instead of having a gigantic, worldwide, army of bureaucrats inventing sick and sicker KYC/AML rules which do nothing but cost business and honest people time and money?

    Estimated worldwide KYC/AML compliance costs: $180bn. For absolutely nothing: nothing of value is produced. Pure Brazil (the movie) style red-tape pointless documents, processes, code, etc. To freeze (not seize: just freeze, some of it shall be unfrozen after more pointless public servants shall waste time producing nothing of value)... $12 bn. 15x less than the estimated cost.

    That's totalitarianism for you: pure insanity created by sick minds and admired by sicker minds.

    • echoangle 13 days ago

      You know the value of measures like this is not just the money frozen but also the prevented crime which is not even attempted because people know about the measures, right? That’s like saying surveillance cameras are useless because they don’t catch thieves. Sure, but maybe they decrease theft anyways…

    • kube-system 13 days ago

      That is because money can cross lines on political maps but police jurisdictions often do not.

      Also, criminals can hide, but bank accounts are always maintained at the bank.

  • mrangle 14 days ago

    Because the people in question aren't necessarily criminals. You should be careful of how easily you may be hypnotized by language, including but not exclusive to accusations.

    • johnmaguire 13 days ago

      I think there are a lot of non-criminals who would LOVE to know they are on the list.

      • fullspectrumdev 13 days ago

        As I said in another comment: they respond to GDPR requests.

        I found out I’m on their list, as have a few other friends.

    • somelamer567 13 days ago

      PEPs — Politically Exposed Persons, like family of politicians. Businesses with KYC screening requirements beyond sanctions and criminal convictions might care about it, because they fear bad media coverage, for example.

  • psychlops 14 days ago

    I'm not seeing a problem with them going public either. The article even states that there are innocent people on the list. It would be nice to know so they can contest and clear their data off the list.

    • mrangle 14 days ago

      Why is the identity of a wrongly accused person, formerly kept private, your business?

      • psychlops 13 days ago

        This is true, but it's not exactly private. In this case it is circulated widely among banks. I'd happily accept another method for private people to know they are on a private list.

  • kube-system 14 days ago

    This is a list made up of other lists, and some of those lists, like sanctions lists, are public.

    e.g.: https://ofac.treasury.gov/specially-designated-nationals-and...

    > their more widespread use keeps criminals out of the financial systems.

    Governments already have solved this by requiring banks to use lists like these (or similar subsets of these) where desired.

  • cedws 14 days ago

    As I understand, in the finance world lists like this are considered classified because knowing you're on one, or the circumstances that put you on one could help you/others circumvent the measures. Fraud detection works like this - if you're under investigation, you won't know about it, you'll have some vague issue with your bank account.

    • mb5 14 days ago

      This is where the article is insufficiently clear. Lists of people who are under investigation for fraud is definitely something banks keep quiet, for the reason you mentioned. But as a sibling comment says, sanctions lists are public, as are records of people convicted of relevant crimes in most (all?) jurisdictions. So what kind of lists are these? Because the article's line about "individuals who were sanctioned as recently as this year" is hardly exciting - the UK sanctions list has people sanctioned today, 18 April.

      https://www.gov.uk/government/publications/the-uk-sanctions-...

      • somelamer567 13 days ago

        Fairly sure that anything super sensitive like that won’t make it into the World-Check datafile. The records in there are mostly already public information if you know where to look

      • PeterStuer 13 days ago

        These are hundreds of lists from all over the world updated a few times a day. They are very diverse, ranging from known terrorist fronts to things as benign as a locally elected politician. Assuming everyone mentioned in the DB was somehow involved in fraud or criminal activity would be a gross misrepresentation. Financial institutions and other businesses use them in KYC/AML, but also for flagging accounts that might need some white glove/red carpet treatment, as mistakes made on those could lead to bad press.

    • nradov 14 days ago

      This is private commercial data distributed under license. It isn't classified as Secret by the UK or US government.

  • somelamer567 13 days ago

    Much of the data is indeed public. LSEG have analysts going around all the websites of major government entities publishing sanctions lists to update their database. If you’re politically exposed or get mentioned in the media for being convicted of fraud and it’s public knowledge, it’ll get pulled in too.

    LSEG get sued by people all the time, so they document and justify everything that goes into the file. There are very good legal reasons to do so.

  • nradov 14 days ago

    LSEG is a data vendor. They don't want to make their data public because they charge for it. Much of the original raw data that they aggregate is already public.

    • somelamer567 13 days ago

      They’re charging for the effort of collecting and curating it all.

      • bostik 13 days ago

        And that is indeed a service worth paying for. LSEG data set has decent coverage for businesses outside US and Europe, and they are one of the few who offer fairly reliable UBO ("universal beneficial owner") data on top.

        They're not cheap, but comparing to the cost of spending double-digit number of hours trying to find the same information in house - you are quite likely to come out ahead.

        For those wondering, UBO research is not unlike investigative journalism.

  • PeterStuer 14 days ago

    Worldcheck is an aggregator of lists for politically sensitive persons and anti money laundering. Many of the lists they aggregate are public.

PeterStuer 14 days ago

A Worldcheck sub gives you access to all the lists. How is this "hacking"?

  • somelamer567 13 days ago

    The data goes stale after a while. The real value of World-Check, is that it’s constantly updated, and if you’re using LSEG’s KYC screening platform, you get notified in real time as soon as anybody you’ve screened gets a new hit or update in the datafile. That covers you when good customers turn bad.

    • PeterStuer 13 days ago

      True in theory but compliance is not a realtime business process. In my days as I remember we got updates 3 times a day which was more than enough (many if not most risk/compliance processes either run once every 24 hours overnight, or are triggered at events such as customer onboarding.)

      • somelamer567 13 days ago

        I’m not familiar with the minutiae of the current rules, but I know that the penalties around not screening for sanctioned entities are now quite severe. The funny bit, is that as soon as you SEE a hit against a sanctions list, the clock starts ticking, so you don’t want to check too often, to make sure you have enough analysts around to actually analyse the results. As with all things, there’s a balance to be struck.

  • kube-system 14 days ago

    This part:

    > illegally obtained from the third party’s system

    • PeterStuer 13 days ago

      I've integrated worldcheck for AML in financial service companies. Just like any other consultant doing this type of work, I could have walked out the door with a full copy of the DB on my laptop or a USB stick any time I wanted. Doing that might have made me a 'pirate' or a thief, but rest assured no 'hacking' would have been involved.

      • kube-system 13 days ago

        The data was stolen by a hacking group, not employees

        • justinclift 13 days ago

          That's what's claimed. Could be an insider job instead though.

    • pc86 13 days ago

      That makes it theft but doesn't make it hacking.

      • kube-system 13 days ago

        Legally speaking, in many/most places, taking any data you're not supposed to take from a computer system is 'hacking'. This is a story about a hacking group that took data they're not supposed to have. I don't see many scenarios in which it wouldn't qualify.

BeFlatXIII 13 days ago

> financially motivated criminal hacking group

Sad! This information should be published because it's in the public's interest, not because someone didn't pay up.

Rickasaurus 14 days ago

We used WorldCheck data at my last startup, it was the best in the business at the time. High quality groomed data, well tagged, with an actual timeline for each entity that explains why they're in there. Absolute top notch.

  • fullspectrumdev 13 days ago

    From reviewing my own record there - it contained some factual errors.

    Friends reported the same.

  • pc86 13 days ago

    Yeah if you don't care about the false positives I'm sure it was great.

    • somelamer567 13 days ago

      To use the World-Check datafile, you need decent tooling to go with it. You can either build your own, or use theirs. That said, it’s only as good as the analysts using the tools as well as the consultants configuring it. It’s a hard problem.

      Source: worked as a developer on World-Check One for ten years.

faserx 13 days ago

So what's the big deal? (barely) every bank in the world has access to the world check database and there is no "secret data" in it. Just a collection of public records...

  • dcan 13 days ago

    I wouldn’t consider passport, social security, or bank account numbers “public records”.

    • faserx 13 days ago

      Unless it is a different subscription, I've never seen such information in the worldcheck database.

      • SushiHippie 13 days ago

        From TFA:

        > The data varies by record. The database contains names, passport numbers, Social Security numbers, online crypto account identifiers and bank account numbers, and more.

barfbagginus 13 days ago

Publish the list! I wanna show people I'm on it!

You're not paranoid if they're actually after ya!

Havoc 14 days ago

Bit of a nothingburger.

The whole point of world-check as a service is that you can access it. This is not exactly info locked away in a vault.

Sucks for them as a business and perhaps some interesting connections/stats can be gleaned from having the whole thing as a unit for analysis...but meh.

fullspectrumdev 13 days ago

Oh, I’m in that database!

You might be also - if you are EU based, send them a request under GDPR.