Is Your Identity Safe?
Every company that collects your identity documents is betting they won't get hacked. Here's how that bet has played out.
Click any row to see details and verify sources.
| Year | Company | Records | |
|---|---|---|---|
| 2025 | Discord Government ID photos | 70,000+ | |
| 2025 | NCX Exchange KYC documents, wallet data, 2FA keys | 2,000,000+ | |
| 2025 | Indian Financial Institutions KYC data | Unknown (500GB) | |
| 2025 | UK KYC Provider Selfies, IDs, passports, driver's licenses | Unknown (1GB) | |
| 2024 | Coinbase Government IDs, home addresses | 70,000 | |
| 2024 | Transak Government IDs, selfies | 92,554 | |
| 2024 | Signzy KYC data from banking clients | Unknown | |
| 2023 | MOVEit (60 banks) KYC records | 2,850,000 | |
| 2021 | MobiKwik IDs, passports, selfies, GPS locations, apps installed | 99,000,000 | |
| 2020 | Ledger Names, home addresses, phone numbers | 272,000 | |
| 2019 | Binance KYC verification photos | 10,000+ |
Last updated: March 2026. All incidents sourced from public reporting.
The Pattern
It follows the same cycle every time. A company collects your government ID, your selfie, your home address, your phone number. They store it on a server, or hand it to a third-party verification provider. That server gets breached, or that third party gets phished, or an employee gets bribed. Your data ends up on a dark web forum. You receive phishing emails, extortion threats, or worse.
The company issues an apology. They offer credit monitoring. They promise to “improve security.” Then it happens again, at a different company, with different people's data, following the exact same pattern.
The data collected to “protect you from fraud” becomes the tool used to defraud you. The identity documents gathered to “verify your identity” become the means to steal it.
It's not a question of if your KYC data will be leaked. It's when.