IDMerit
| Primary URL | Location | Industry | idmerit[.]com |
Country
United States of America
|
Technology
|
|---|
Profile
IDMerit, also known by its alias IDMerit, is an identity verification service provider headquartered in the United States of America. The company’s primary offering is the validation of personal data elements such as full name, residential address, date of birth, national identification number, telephone number, email address and gender information. These validation checks are performed on behalf of businesses that need to confirm the identities of their users or customers, typically to satisfy know‑your‑customer (KYC) and anti‑money‑laundering (AML) obligations. IDMerit describes its approach as a query‑based layer that contacts external data partners in real time rather than retaining the personal information it verifies. By acting as an intermediary, the firm aims to reduce the data‑storage burden on its clients while still delivering accurate confirmation of identity attributes. The service is marketed to organizations that operate in multiple jurisdictions, emphasizing the ability to cross‑check details against sources that span different countries and regulatory environments. Its client base includes entities that require rapid, automated checks during account opening or transaction monitoring.
Public disclosures concerning a security incident on 11 November 2025 provide insight into the scale of data that IDMerit handles. Researchers found an unprotected MongoDB database belonging to the company that exposed roughly one billion identity records, encompassing the same categories of personal data the firm normally validates. The breach affected individuals in 26 countries, with more than 203 million of the records linked to residents of the United States. After being notified, IDMerit secured the database the following day and issued a statement indicating that its internal review uncovered no vulnerability in its own systems, while its data‑source partners confirmed that no breach had occurred on their sides. The company reiterated that it does not store customer data, asserting instead that it relies on live queries to partner repositories to perform verification actions. This incident underscores the volume of identity information that flows through IDMerit’s verification pipeline, even though the firm maintains that it does not retain the data it processes. Together with its global partner network and its assertion of non‑storage, these characteristics define IDMerit’s distinct position within the identity‑verification sector.
