A new data leak of global proportions is attracting attention: Around one billion personal data records from 26 countries have been found unprotected on the internet. Sensitive information such as full names, addresses, telephone numbers, email addresses, dates of birth, and even ID numbers are affected.
What makes this particularly alarming is that it wasn't a classic hacking attack. Instead, the data was freely accessible due to an unsecured database. This means that anyone with technical expertise could have accessed and downloaded this data.
The data leak was discovered on November 11 by the Cybernews team. Security researchers regularly scour the internet for publicly available databases to uncover vulnerabilities before cybercriminals exploit them. Other experts, such as Jeremiah Fowler, use a similar approach.
In this specific case, researchers discovered an unprotected database containing approximately one terabyte of structured personal data. The database was accessible without password protection. The affected company was immediately notified after the discovery, and the database was secured shortly thereafter.
According to Cybernews, the database belongs to IDMerit, a provider of digital identity verification solutions. The data it contains has been used by other companies to verify users in various countries, including the USA, Canada, Australia, Mexico, and many others.
Importantly, there is no evidence that hackers actively infiltrated the systems. Nevertheless, during the disclosure period, there was a real risk that cybercriminals could download the data and use it for later attacks.
Scope of the data leak: 26 countries affected
The data breach encompasses approximately one billion records from 26 countries. The following countries are particularly affected:
- United States: 204 million records
- Mexico: 123 million
- Philippines: 72 million
- Germany: 60 million
- Italy: 53 million
- France: 52 million
- Türkiye: 49 million
- Brazil: 39 million
- Spain: 31 million
- Malaysia: 24 million
- Vietnam: 21 million
- Argentina: 20 million
- Colombia: 18 million
- Peru: 14 million
- Canada: 12 million
- Australia: 12 million
- Greece: 9 million
- China: 8 million
- Hong Kong: 8 million
- United Arab Emirates: 6 million
- Norway: 4 million
- Romania: 4 million
- Armenia: 2 million
- Thailand: 2 million
- Yemen: 2 million
- Morocco: 1 million
The figures show how widespread the data leak is. The high number of records in the USA and Mexico is particularly striking. But Germany, with 60 million entries, is also significantly affected.
What data was disclosed
The database contained a large amount of sensitive personal information, including:
- Full names
- Addresses
- Postal codes
- Birth dates
- ID card numbers
- Telephone numbers
- Gender
- Email addresses
- Telecommunications metadata
- Status information on data breaches
- Notes on social media profiles
The data was stored in a structured manner. This means it could be specifically searched, filtered, and analyzed. For potential attackers, this significantly increases its attractiveness, as specific individuals or data types can be quickly identified.
Potential risks from the data leak
Even if no cybercriminals are directly behind this incident, they could still have found and downloaded the unprotected database. This poses several risks.
Full names, dates of birth, and ID numbers can be used to prepare for identity theft. Combined with email addresses and phone numbers, targeted phishing attacks are possible. Other conceivable consequences include:
- Account takeovers
- Credit fraud
- SIM swapping
- Fraud via fake support calls
- Abuse of online services
The combination of different data types is particularly problematic. The more information available about a person, the more credible fraud attempts can be.
Measures following a data leak
Following a data breach, affected individuals may be notified by mail. Such a notification letter may contain information on whether personal data has been compromised and what steps are recommended.
If free access to an identity theft protection service is offered, it can be used. Such services monitor credit activity and assist in recovering a stolen identity, among other things. In addition, the following measures are advisable:
- Be vigilant regarding suspicious emails and text messages.
- Do not share personal data without careful consideration
- Beware of unknown senders
- Regularly check bank and credit card statements
- Use of up-to-date antivirus software on Windows or Mac systems
Phishing emails can contain malicious attachments that install malware. An up-to-date security solution reduces the risk of infection.
Data leak without a hacker attack – and yet highly dangerous
The recent data breach, with approximately one billion records exposed, illustrates how serious the consequences of unsecured databases can be. Even without an active hacking attack, sensitive personal information can be accessible worldwide.
It is currently unknown whether and to what extent the disclosed data has been misused. However, one thing is clear: the combination of structured, extensive personal data and global reach makes this data leak one of the most significant incidents in recent times.
Further information from the company in question is still pending. Until then, this case once again demonstrates the importance of handling sensitive data responsibly and implementing consistent security measures. (Image: Shutterstock / janews)
- Perplexity says goodbye to advertising
- Apple Music Connect becomes a promo hub
- iOS 26.4: These changes are barely noticeable
- iOS 26.4: New sleep metrics and vital data
- tvOS 26.4 removes iTunes apps from Apple TV
- Anthropic releases Claude Sonnet 4.6 update
- Apple upgrades Private Cloud Compute with M5
- iOS 26.4 makes Hotspot data usage visible
- Apple stock: Wedbush remains calm despite Siri
- iOS 26.4 Beta reveals traces of Apple Health+
- iOS 26.4: Code indicates Apple TV in CarPlay
- iOS 26.4: All new features of Beta 1
- iOS 26.4 makes Apple Music smarter with AI playlists
- macOS 26.4 introduces load limiting for Mac
- visionOS 26.4 integrates NVIDIA CloudXR
- macOS 26.4 & iPadOS 26.4 with Safari update
- macOS 26.4 begins the final phase for Rosetta 2
- iOS 26.4: These are the new features in Apple Music
- iOS 26.4: New structure for wallpapers
- iOS 26.4: New standard for iPhone security
- iOS 26.4: New RCS encryption in beta testing
- Apple is expanding Apple Podcasts into a video hub
- iOS 26.4 Beta launched: Apple opens new testing phase
- Apple Music: New features for TikTok
