The State of Identity - February 28, 2025
In case you missed it, here’s a recap of some exciting news and developments this week impacting identity and fraud, cybersecurity, trust and safety, financial crimes compliance, and privacy and consent management.
??Innovation and New Technology Developments
Global Airports and Airlines Accelerate Biometric Check-Ins Amid Privacy Concerns
Biometric check-ins and bag drop processes are expected to be in place at over half of global airports by 2026, with 70% of airlines planning to adopt biometric identity management by 2025, according to SITA’s 2024 report. This adoption is anticipated to improve passenger processing times by 30% and reduce wait times by 60%. In 2024, airlines and airports invested around $46 billion in IT, focusing on biometrics, AI, and cybersecurity. However, concerns about data privacy and compliance with border regulations remain significant challenges. (Source)
Google Replacing SMS Authentication Codes for Gmail With QR Codes to Boost Security
谷歌 is phasing out SMS authentication codes for Gmail in favor of QR codes to enhance security and reduce fraud. Gmail spokesperson Ross Richendrfer noted that SMS codes are vulnerable to abuse by criminals and social engineering attacks. The transition to QR codes aims to bolster account protection by eliminating these risks. (Source)
Indian Government Strengthens Telecom Security With Aadhaar-Based SIM Verification and AI Fraud Detection
India is strengthening telecom security by introducing the Digital Integrated Verification System (DIVS) for SIM card registrations. The DoT now mandates Aadhaar-based biometric verification for new SIM activations to prevent fraud. New rules include multi-angle customer photos, SIM count monitoring per identity, and AI-based fraud detection. Retailers issuing fake SIMs will face penalties, enhancing security and aiding law enforcement. (Source)
?? Investments and Partnerships
IBM Acquiring DataStax to Boost AI, NoSQL, and Homeland Security Data Solutions
IBM plans to acquire DataStax to strengthen its AI and NoSQL data capabilities, benefiting homeland security agencies. DataStax’s Apache Cassandra expertise supports mission-critical applications, including for the VA and DISA. Integrating its hybrid vector database with IBM’s watsonx could enhance intelligence analysis, threat assessment, and zero trust security while enabling secure, scalable cloud data management. (Source)
ClearScore Secures €36.1 Million Debt Financing From HSBC to Expand Products and Services
London-based fintech ClearScore has secured €36.1 million in debt financing from HSBC Innovation Banking UK, which first backed the startup in 2017. ClearScore CFO Brian Cole says the funds will be used to expand the company’s product range and distribution channels. Founded in 2015, ClearScore initially offered an app to help consumers manage their credit scores and has since broadened its focus to include a data-driven credit marketplace and open banking services.?(Source)
UK Regulator Approves IBM's $6.4 Billion Acquisition of HashiCorp
The U.K.‘s Competition and Markets Authority (CMA) has approved IBM ’s $6.4 billion acquisition of HashiCorp . The CMA conducted a preliminary investigation but decided not to escalate it further, with a full explanation of its decision expected later. This approval aligns with the U.K.’s recent approach to avoid obstructing international tech deals. The acquisition still faces review by the U.S. Federal Trade Commission. IBM originally aimed to close the deal by the end of 2024. (Source)
NinjaOne Raises $500 Million at $5 Billion Valuation to Expand Autonomous Endpoint Management
NinjaOne , a Texas-based endpoint management company, raised $500 million in Series C funding from ICONIQ Growth and CapitalG, reaching a $5 billion valuation. The funds will enhance autonomous endpoint management and support the $252 million acquisition of Dropsuite for cloud data backup. Founder-led and debt-free, NinjaOne serves clients like Nvidia, Lyft, and Porsche, offering centralized monitoring, remote control, automated patching, and real-time alerts across multiple platforms. (Source)
Secret View Partners With iDenfy to Enhance Identity Verification and Compliance
Secret View has partnered with iDenfy to enhance identity verification and ensure DAC7 and GDPR compliance. iDenfy’s KYC platform, biometric facial recognition, and liveness detection verify user identities and government-issued documents from 200+ countries. The integration streamlines tax reporting, strengthens privacy protection, reduces fraud, and ensures compliance with global KYC standards. (Source)
A10 Networks Expands Cybersecurity Portfolio With ThreatX Protect Acquisition
A10 Networks, Inc has acquired ThreatX Protect’s assets and key personnel to strengthen its cybersecurity portfolio with web application and API protection (WAAP). This move enhances A10 Defend, securing applications across various environments. ThreatX Protect adds AI-driven threat mitigation, API protection, bot management, and a next-gen firewall. Remaining ThreatX assets will rebrand as Run Security, with TX Prevent becoming RS Prevent. The deal's financial terms were undisclosed but are expected to modestly boost A10’s earnings without impacting its 2025 outlook. (Source)
Illuma Labs Secures Strategic Financing From Stifel Bank to Advance Voice Biometrics and Market Expansion
Illuma Labs secured strategic financing from Stifel Bank to enhance its voice biometrics technology and expand market reach. The funding will help financial institutions improve consumer interaction security. This follows a $9 million Series A round and Illuma’s recognition for deepfake detection at FinovateFall 2024. CEO Miland Borker highlighted the financing’s role in strengthening their capabilities. (Source)
?? Policy and Regulatory
Chegg Files Antitrust Lawsuit Against Google Over AI Search Summaries
Chegg has filed a federal antitrust lawsuit against Google, claiming its AI-generated search summaries reduce traffic to Chegg’s site and impact revenue. The lawsuit, filed in Washington, D.C., alleges Google’s "AI Overviews" unfairly use Chegg’s content while limiting visibility for competitors, violating the Sherman Antitrust Act. CEO Nathan Shultz argues this reinforces Google’s monopoly, while Google denies the claims, asserting its AI benefits users and broadens site traffic distribution. (Source)
OKX Exchange Operator Aux Cayes FinTech Admits to AML Violations and Agrees to $504 Million Fine
OKX operator Aux Cayes FinTech admitted to violating AML laws and will pay over $504 million in fines, per the U.S. Department of Justice. For over seven years, OKX failed to enforce AML policies, allowing $5 billion in suspicious transactions. Despite KYC requirements, employees allegedly helped users bypass them. OKX cited “legacy compliance gaps” and stated U.S. users are no longer on the platform. Meanwhile, cases against crypto firms like Robinhood and Coinbase have been dismissed. (Source)
DISA Global Solutions Data Breach Exposes Information of Over 3.3 Million Individuals
DISA Global Solutions suffered a data breach affecting over 3.3 million people, including 360,000 in Massachusetts. Between February 9 and April 22, 2024, a hacker accessed its network, compromising Social Security numbers, financial data, and government-issued IDs. Due to limited logging, DISA couldn’t determine the full extent of the data exfiltrated. The company has notified affected individuals and authorities. (Source)
UK Government Shuts Down One Login Inclusion and Privacy Advisory Group
The UK Government Digital Service (GDS) has closed the One Login Inclusion and Privacy Advisory Group (OLIPAG), formed in 2023 to advise on privacy, inclusion, and accessibility. The 20-member group met from November 2023 to May 2024, affirming existing identity assurance principles, which GDS has updated in its documentation. GDS plans to form a new advisory group with a broader scope, though details remain unclear. Uncertainty also surrounds DSIT’s role in digital identity initiatives like the mobile driver’s license and Gov.uk digital wallet. (Source)
Critical Vulnerability in Enterphone MESH Allows Unauthorized Access to Buildings Across U.S. and Canada
The Enterphone MESH door access system by Hirsch has a critical vulnerability due to an unchanged default password, allowing remote access to doors and elevators in multiple U.S. and Canadian buildings. Hirsch refuses to fix it, claiming it's “by design” and that customers should have changed the password. Security researcher Eric Daigle found 71 exposed systems using default credentials, granting access to building controls. Rated 10/10 in severity, the flaw is easily exploitable with publicly available credentials. Despite the risk, Hirsch has only advised customers to follow setup instructions without committing to a fix. (Source)
Australia Bans Kaspersky on Government Systems Over National Security Concerns
Australia has banned Kaspersky security software on government systems due to national security concerns over foreign interference, espionage, and sabotage. A Department of Home Affairs risk assessment highlighted potential misuse of user data. Government agencies must remove Kaspersky by April 1, 2025, though exemptions may apply with safeguards. The ban also covers critical infrastructure and aligns with the U.S. ban in mid-2024 on Kaspersky sales and updates. (Source)
Health Net Federal Services Settles Cybersecurity Compliance Allegations for $11.25 Million
Health Net Federal Services (HNFS) and parent company Centene Corporation will pay $11.25 million to settle allegations of falsely certifying cybersecurity compliance under their Defense Health Agency (DHA) TRICARE contract. The DOJ claims that between 2015 and 2018, HNFS failed to implement required security measures but still submitted false compliance certifications. While HNFS and Centene deny wrongdoing, they agreed to the settlement, which does not protect them from future legal actions if new evidence arises. (Source)
?? More from Liminal
Stay ahead of market shifts, outperform competitors, and drive growth with real-time intelligence.
New reports provide a detailed analysis of market trends, vendor capabilities, and compliance challenges.
Stay tuned for updates on the event—T-minus 4 days until our 4th annual exclusive CEO gathering in Laguna, California