A massive data leak has exposed over 1 billion sensitive identity records across 26 countries, including the US, where more than 203 million records were left unsecured. The leak is tied to IDMerit, a company that provides identity verification services to banks and other financial institutions.
The database, which was not protected by a password, contained full names, home addresses, postal codes, dates of birth, national ID numbers, phone numbers, email addresses, and gender information. This data could be used by criminals to launch targeted phishing scams, SIM-swap attacks, and other forms of identity theft.
Researchers discovered the exposed database on November 11, 2025, and notified IDMerit, which secured the database the following day. While there is no public evidence that criminals have downloaded the data, automated bots can copy the information within minutes, posing a significant risk to affected individuals.
To protect yourself from this data leak, experts recommend taking the following steps:
1. Freeze your credit reports to prevent lenders from opening loans or credit cards in your name.
2. Switch to an authenticator app for two-factor authentication instead of text message security codes.
3. Use a password manager to create strong, unique passwords for every account.
4. Consider identity theft protection services that can alert you if your personal information is used to open accounts or appears on dark web marketplaces.
5. Enable extra security features on your mobile carrier account, such as a port-out PIN.
6. Run antivirus software on your devices to block malicious links and fake login pages.
7. Consider a personal data removal service to monitor where your information appears online and work to get it taken down.
8. Be skeptical of calls that reference your address, date of birth, or ID number, and hang up if you’re unsure.
By taking these steps, you can reduce your risk from this data leak and protect your sensitive identity information.
Source: https://www.foxnews.com/tech/1-billion-identity-records-exposed-id-verification-data-leak