- IDMerit kept an unsecured database of over three billion records
- Experts find the database and manage to get it locked
- Personal information exposed, but affected users may be low in number
Experts have revealed that IDMerit, an AI-powered provider of digital identity verification solutions, kept a huge database full of sensitive customer information unlocked and easily accessible on the public internet.
In total, more than three billion records were discovered by cybersecurity researchers from Cyber news and finally locked.
The team said it found an open MongoDB database that weighed more than a terabyte and included records such as full names, addresses, zip codes, dates of birth, national IDs, phone numbers, gender, email addresses, telco metadata and breakup status, and social profile annotations.
Major fractures
The size of the database does not mean that three billion people were exposed, as several records belong to a single person, but the scale of the leak is still quite massive.
Cyber news says about one billion likely contained sensitive data, while the other two are database logs that are “probably less sensitive”.
The database is also global as people from 26 countries had their data exposed, with the US most affected (more than 203 million records). Mexico (124 million) and the Philippines (72 million) round out the top three with Germany, Italy and France making notable appearances, with 61 and 53 million records leaked respectively.
“At this scale, downstream risks include account takeovers, targeted phishing, credit fraud, SIM swaps and long-tail privacy breaches. Across the industry, the case underscores how third-party identity providers have become critical infrastructure and can become single points of catastrophic failure.” Cyber news said.
Based in California, IDMerit is a global identity verification and fraud prevention technology company that provides API-based solutions for KYC, AML and digital identity verification.
As of 2025, it operates with approximately 25-50 employees and serves a growing global customer base generating approximately $2.9 million in annual revenue. The company was founded in 2014 and trades as a privately held US technology provider.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
