Something massive happened in February 2026. The news of an alleged IDMERIT data breach erupted, without any evidence other than a poorly, written AI-generated news article with AI-generated images. News outlets relying on ghost writers did their part by copy-pasting the news without doing their due-diligence. Within 24 hours the damage was done. Welcome to the world of fake news, psychological coercion and manipulation tactics hackers employ today if you don’t give in to their threats.
Cybernews is a well-known as a peddler of fake news in cyber-risk watchers’ community. We’ve seen this in the past with their Persona coverage, a fake Graphene story, and now IDMERIT. This outlet has pops up every year exploding your feed with sensationalized headlines that sound like a cyber-doomsday in the happening. What we’re missing is the bigger story: How so-called hackers claim to be ‘in-house security researchers’ who break into your vault, send extortion emails, and when you don’t give in, publish Doomsday-headlines that may very well damage your reputation.
The most recent case is of IDMERIT, a global SaaS leader in providing identity verification and KYC solutions. As BotCrawl points out, the whole IDMERIT data breach story seems nothing more than a clickbait hoax. There’s also the question of credibility, now that there are cyber-risk watchers claiming Cybernews is infamous for its fake news.
Analyzing how ‘Data of Billions leaked’ story happened
Was there really a case of IDMERIT data leaked or is it just a clickbait to bring more views or, even worse, an extortion attempt.
In case of a genuine IDMERIT data breach, an external unauthorized third-party has to take action, since the company is simply a software provider. Industry professionals have noticed the lack of solid evidence other than AI-generated images as proof. Some even argue that the initiate set of evidence lacked more than just evidence. This includes forensic timestamps and proper identification of the data breach.
What’s even more interesting is that s even more interesting is that Cybernews IDMERIT data breach story is full of holes. The news claims Italy had 54 million records leaked, however the population of Italy is 55 million. Does this mean 99 percent of Italians use age verification services? The same goes for Netherlands. The whole story seems fake from the start. We get the classic sensationalized, doomsday headline, fake numbers, AI-generated images as evidence, and lastly, an AI-generated article.
The onus is on media for spreading fake news without evidence
The onus is also on the hands of those in media who saw big numbers and ran the story without conclusive evidence. Experts have claimed in the past that Cybernews is run by hackers who first attempt to extort companies and when it fails, simply run the news with fake headlines. We’ve seen this week with Persona and IDMERIT.
Hackers are finding novel ways to not only extort data from KYC and identity verification companies like Persona and IDMERIT, but are now running full-fledged extortion attempts that lead to reputational damage with fake headlines. Let this remain a cautionary tale for people working in the cyber security industry to be more careful when dealing with extortion attempts. Most importantly, we need to hold the media accountable for spreading fake news without doing their due diligence.