IDMerit data breach: 1 billion personal data records exposed in KYC data leak

Plus, data breach against fintech company, Figure, compromised data of approximately one million customers; and more.

Good morning! Here’s what’s up.

People

Ken Suh has joined the Privacy, AI, and Cybersecurity practice at Jackson Lewis P.C. as a principal in the firm’s Chicago office.

Clips ✂️

IDMerit data breach: 1 billion records of personal data exposed in KYC data leak

KYC procedures are the backbone of the digital economy, enabling digital services worldwide. However, for KYC to function in a trusted manner, the data users submit must remain strictly between them and the vendor.

Unfortunately, this is not always the case. The Cybernews research team recently discovered a massive open database containing nearly a terabyte of data.

The leaked details include a treasure trove of personally identifiable information (PII), including full names and addresses, as well as national identification documents and phone numbers. The exposed MongoDB instance contained several databases, covering individuals from 26 countries, making the data leak truly global.

Our team believes the exposed database belongs to IDMerit, an AI-powered digital identity verification solutions provider. The company serves the fintech and financial services sectors, helping businesses with real-time verification tools. KYC practices are a global norm for users to verify their identities when setting up various accounts.

by Cybernews

Data breach at fintech giant Figure affects close to a million customers

The data breach that hit blockchain-based lending giant Figure affected nearly a million customers, according to a security researcher.

Last week, Figure confirmed a data breach allowed hackers to steal “a limited number of files” from its systems. The company did not provide specifics on what kind of data was stolen nor say how many customers were affected.

On Wednesday, Troy Hunt, a security researcher and creator of the data breach notification site Have I Been Pwned, analyzed the data allegedly taken from Figure and found it contained 967,200 unique email addresses associated with Figure customers.

The data also included customer names, dates of birth, physical addresses, and phone numbers.

...

The cybercrime group ShinyHunters told TechCrunch last week that it was to blame for the cyberattack targeting Figure. The group published 2.5 gigabytes of data allegedly stolen from Figure on its leak website, where the hackers shame their victims and publish stolen data if they fail to extort the hacked companies.

by TechCrunch

Cybersecurity Requires Collective Resilience

When a CrowdStrike patch inadvertently disrupted Windows endpoints worldwide in 2024, even well-prepared companies were impacted. Yet while many companies struggled to get back online, some were able to recover surprisingly quickly. The difference came down to how quickly leaders could understand the scope and risk, validate mitigation steps, and align communications.

For example, within an hour of the disruption, members of the Business Resilience Council (BRC) were sharing what they were seeing in a cross-sector chat. Later that day, those practitioners were collaborating on a call. Soon after, CrowdStrike’s CEO briefed over one thousand companies in the BRC’s trusted forum.

The only way to consistently reach that level of speed and candor is through pre-wired relationships, secure channels, and rehearsed playbooks.

That’s what we call “collective resilience.”

by Harvard Business Review

From in-house CISO to consultant. What you need to know before making the leap

The move from in-house CISO to consultant promises autonomy and impact, but it also forces security leaders to rethink both their skill set and their mindset.

For Nikoloz Kokhreidze, the move into cybersecurity consulting came gradually through a series of small steps. “I accumulated enough experience across different industries, I started my newsletter, and I realized there’s a community of people interested in what I have to say,” he explains.

What ultimately crystallized the decision was the thought that his impact didn’t have to stop at the edge of one organization. “I was solving the same problems repeatedly in one company,” he says, “when I could solve them for multiple companies simultaneously, multiplying my impact and helping more businesses grow through pragmatic security leadership.”

In August 2025, Kokhreidze launched his consulting business, Mandos. But he’s careful not to romanticize the move. “It’s important to stay realistic,” he says. Going solo takes time and patience. It means figuring out where you can be most useful. And being willing to stay flexible. “You have to be ready to pivot when you have new ideas, or when things don’t work out,” he says.

by CSO Online

Meta and Other Tech Firms Put Restrictions on Use of OpenClaw Over Security Fears

Last month, Jason Grad issued a late-night warning to the 20 employees at his tech startup. “You’ve likely seen Clawdbot trending on X/LinkedIn. While cool, it is currently unvetted and high-risk for our environment,” he wrote in a Slack message with a red siren emoji. “Please keep Clawdbot off all company hardware and away from work-linked accounts.”

Grad isn’t the only tech executive who has raised concerns to staff about the experimental agentic AI tool, which was briefly known as MoltBot and is now named OpenClaw. A Meta executive says he recently told his team to keep OpenClaw off their regular work laptops or risk losing their jobs. The executive told reporters he believes the software is unpredictable and could lead to a privacy breach if used in otherwise secure environments. He spoke on the condition of anonymity to speak frankly.

by Wired

Seconds Count: How AI is redefining 911 response in Southwest Florida

When you dial 911, the difference between life and death is often measured in seconds.

For decades, emergency dispatchers have relied on GPS technology that places a caller’s location as a simple dot on a map.

…While effective in an open field, it struggles in the vertical world of modern architecture. This leaves first responders guessing which floor to search, wasting precious time in high-rise buildings or multi-story complexes.

To solve this, agencies across Southwest Florida are partnering with private tech firms to overhaul emergency response. One such company, 911locate.ai, is …currently partnering with the Collier County Sheriff’s Office to implement software that can:

• Identify Vertical Location: Pinpoint exactly which floor a caller is on.

• Precision Mapping: Create 3D digital footprints of entire neighborhoods and communities.

• Real-Time Data Feeds: Stream sensitive information directly to first responders’ mobile devices while they are en route.

“When we think of all these advancements in technology we have, we don’t often consider the additional risk,” said Jordan Kelly with firm FTI Consulting.

Kelly believes that 3D mapping a building generates information that could be used for nefarious purposes.

“You are creating a high-value asset, a data asset.”

by WINK news

SPONSORED BY

Incident Response Forum D.C. 2026 is set for Wednesday, April 22, 2026, at the historic Mayflower Hotel in Washington, D.C.!

Incident Response Forum is the only conference of its kind, bringing together hundreds of cybersecurity and incident response attorneys, in-house counsel and compliance executives, and other top professionals in the field. It is focused solely on the field of Incident Response – the work that begins after a data breach that has quickly become the fastest growing practice area at law firms and consulting firms – and is geared specifically for the legal and compliance professionals who have emerged as critical players during the aftermath of a data security incident.

Join us in person or tune in virtually to hear from nearly 50 luminaries in the incident response field—including senior officials from the DOJ and FBI, and lawyers and consultants from the best firms in the world.

👉 UNTIL FRIDAY, MARCH 27: Please use the codes below to get a 25% early-bird discount (regular in-person registration fee is $1,500; regular virtual registration fee is $750). Please register here:

In-person attendance: UPDATE909DC25
Virtual attendance: UPDATE909V25
