IDMerit Breach Exposes a Billion Identities
If ever there was a time for this emoji
it’s now. IDMerit, whose job it is to verify identities for banks and other online platforms, was hacked. The breach exposed around one billion personal records from at least 26 countries (over 200 million in the U.S. alone).
Cybersecurity experts say that an AI-powered tool used by IDMerit exposed data including full names and addresses, phone numbers, DOBs, and even national identification documents. Worse still, it also exposed passwords and other identifiers that people use to access sensitive accounts like banks or credit cards. Unfortunately, IDMerit did not even discover the issue on its own; instead, an ethical hacker from Cybernews discovered that “certain data ports associated with independent data sources could have been open, which had the potential to expose certain databases.” Only then did IDMerit conduct an investigation, which it says uncovered no vulnerabilities; the company noted, however, that it collaborates with lots of vendors and could not vouch for their security protocols.
What’s the risk now? According to Cybernews, “Downstream risks could include account takeovers, targeted phishing, credit fraud, SIM swaps, and long-tail privacy harms.” And, because the hackers used their own AI tools to complete this attack, they also have the tools to execute further mayhem that might otherwise take months to complete. For example, they could combine national ID information with telecom metadata to hijack your phone, or use personal data to bypass identity checks, making it easy for hackers to impersonate victims on financial platforms.
While it’s difficult to imagine any small steps you take making a difference when even those who protect IDs are getting hacked, keep practicing good online hygiene whenever you can. Update your password often and use multi-factor authentication. Check and/or freeze your credit. And, as always, if someone calls or emails from an institution you usually trust, confirm it’s them by calling or emailing them back.
When all else fails, keep the aforementioned emoji on speed dial.