Liminal members enjoy the exclusive benefit of receiving daily morning briefs directly in their inboxes, ensuring they stay ahead of the curve with the latest industry developments for a significant competitive advantage.
Looking for product or company-specific news? Log in or sign-up to Link for more detailed news and developments.
Here are the main industry highlights of this week week impacting identity and fraud, cybersecurity, trust and safety, financial crimes compliance, and privacy and consent management.

🪄Innovation and New Technology Developments
Illinois to Introduce Mobile Driver’s Licenses in Apple Wallet by 2025
Illinois plans to introduce mobile driver’s licenses (mDLs) in Apple Wallet by late 2025, allowing residents to use iPhones or Apple Watches for ID. Led by Secretary of State Alexi Giannoulias, the program will expand to other digital wallets, focusing on security and privacy. Optional and complementary to physical IDs, Illinois joins 10 other states in adopting digital IDs, emphasizing benefits like real-time updates and privacy protection. (Source)
UK’s AI-Driven “Plan for Change” Targets Growth, Innovation, and Global Leadership
The UK government has launched an AI-driven “Plan for Change” to boost economic growth and living standards, committing to the AI Opportunities Action Plan and securing £14 billion in private tech investment. Key initiatives include AI Growth Zones, streamlining public sector processes, and forming an AI Energy Council. Labour leader Keir Starmer stressed the need for the UK to lead in AI, citing NHS advancements and insights from experts like Sir Demis Hassabis. Tony Blair underscored digital identity as vital for modern governance despite privacy concerns. Together, AI and digital ID aim to enhance productivity, public services, and economic competitiveness. (Source)
💰 Investments and Partnerships
iCapital Acquires Parallel Markets to Streamline Alternative Investments with Digital Identity Integration
iCapital has acquired Parallel Markets to integrate its reusable investor passport technology into alternative investments. This innovation streamlines KYC/AML verification and reduces redundant onboarding with a universal digital identity. The acquisition aims to enhance scalability for fund managers and wealth advisors while improving compliance in changing regulatory landscapes. While terms remain undisclosed, both companies highlight the potential for greater efficiency and cost savings in private market investing. (Source)
Orchid Security Secures $36M Seed Funding to Revolutionize Enterprise Identity Management with AI
Orchid Security, a New York-based identity-first security startup, has raised $36 million in a seed round co-led by Team8 and Intel Capital. The company leverages large language models (LLMs) to simplify enterprise identity and access management (IAM) across over 1,200 applications, from on-premise systems to SaaS. Orchid’s platform automatically discovers applications, evaluates authentication flows, and uses AI to identify vulnerabilities and suggest fixes without requiring code access or input from application owners. Founded by the team behind enSilo, the startup has partnered with companies like Costco and Repsol to enhance identity security management. (Source)
Daon Partners with ELEMENTS to Strengthen Japan’s Digital Identity Authentication Market
Daon, a Digital Identity Trust company, has partnered with Japan-based image recognition firm @ELEMENTS following ELEMENTS’ majority acquisition of Polarify Consulting Inc , a joint venture between SMFG , Daon, and NTT DATA. This deal strengthens ELEMENTS’ position in Japan’s identity authentication market, providing eKYC and authentication services. Leveraging Daon’s expertise as Polarify’s core identity provider, the partnership ensures continuity for existing customers while exploring new opportunities in identity authentication and fraud prevention, including collaborations with ELEMENTS subsidiary Liquid, specializing in online identity verification. (Source)
Float Financial Secures $48.5M Series B to Scale Expense Management and Corporate Cards for Canadian SMBs
Float, a Toronto-based fintech specializing in expense management and corporate cards for Canadian SMBs, has raised $48.5 million in a Series B round led by Goldman Sachs Growth Equity, with participation from OMERS Ventures and others, bringing total funding to $92.6 million since 2020. Dubbed the “Brex of Canada,” Float has grown its offerings to include bill pay, high-yield accounts, AP automation, and multi-currency cards. Despite economic challenges, the company reports a 50x revenue growth since its 2021 Series A. CEO Rob Khazzam highlights the untapped potential of Canadian SMBs, with plans to use the funding to expand products, scale regionally, and grow its team. (Source)
Darktrace to Acquire Cado Security to Enhance Cyber Investigation and Response Capabilities
Darktrace plans to acquire UK-based incident investigation firm Cado Security, with the deal expected to close in February, subject to regulatory approval. While financial terms remain undisclosed, reports suggest a valuation between $50 million and $100 million. Cado Security specializes in cyber investigation and response across multi-cloud, container, SaaS, and on-premises environments. Darktrace intends to integrate Cado’s technology with its ActiveAI platform while retaining Cado’s team and leadership. Since 2020, Cado Security has raised over $31 million through three funding rounds. (Source)
⚖️ Policy and Regulatory
Block Settles for $80 Million Over Cash App BSA/AML Violations and Commits to Compliance Overhaul
Block has agreed to pay an $80 million fine and implement corrective measures after 48 state financial regulators alleged its Cash App service violated Bank Secrecy Act (BSA) and anti-money laundering (AML) laws. The settlement includes hiring an independent consultant to review and improve its BSA/AML program within a year. Block stated it has increased compliance investments to meet regulatory standards. Separately, the company settled a $15 million lawsuit over a 2021 data breach that affected 8.2 million Cash App users. (Source)
Supreme Court to Decide Proper Legal Standard for Texas Pornography Age-Verification Law
The Supreme Court is reviewing the constitutionality of Texas’ 2023 age-verification law for pornography websites, which requires “reasonable age verification methods” for content harmful to minors. Opponents, including the Free Speech Coalition, argue it infringes on adults’ First Amendment rights and raises privacy concerns through mandatory digital or government ID checks. A district court blocked the law using “strict scrutiny,” but the 5th Circuit reversed, applying “rational-basis review” and allowing it to take effect. The Supreme Court will decide whether strict scrutiny applies, potentially sending the case back for reconsideration, or affirm the 5th Circuit’s decision. The Biden administration supports strict scrutiny while acknowledging states’ ability to protect children online. (Source)
UK Government Proposes Ban on Ransomware Payments for Public Sector and Critical Infrastructure
The U.K. government has proposed banning public sector and critical infrastructure organizations from paying ransomware demands to deter cybercriminals. The move follows major attacks, such as one on the NHS that disrupted patient care. The proposal includes mandatory reporting of ransomware incidents and safeguards to prevent payments to sanctioned entities. The National Cyber Security Center reports a rise in ransomware attacks, often by Russia-linked groups targeting critical infrastructure. A public consultation on the proposals runs until April 2025, though there are no immediate plans to present the measures to Parliament. (Source)
U.S. Disrupts Chinese State-Backed Hacking Campaign Using PlugX Malware
U.S. authorities have disrupted a Chinese state-backed hacking group, “Twill Typhoon” (aka “Mustang Panda”), which used the malware “PlugX” to infiltrate millions of computers worldwide in a long-term espionage campaign. On January 9, 2025, the Department of Justice revealed that, with court approval, the FBI removed PlugX malware from thousands of U.S. systems during an August 2024 operation led by French authorities with support from cybersecurity firm Sekoia. Active since 2014, PlugX, often installed via USB ports, was used to steal sensitive files, targeting European shipping firms, Indo-Pacific governments, and Chinese dissident groups. Despite allegations of funding the group, the Chinese government denies involvement. (Source)
Gravy Analytics Data Breach Exposes Sensitive Location Data of Millions Worldwide.
A breach at Gravy Analytics exposed millions of location data points from apps like fitness trackers and dating platforms, revealing movements through sensitive sites and private homes. Stolen via a misused Amazon cloud key, the data risks deanonymization, endangering vulnerable groups like LGBTQ+ individuals. Following an FTC ban on its data practices, Gravy’s reliance on real-time ad bidding highlights privacy risks. Experts advise using ad blockers, limiting location permissions, and disabling app tracking. (Source)
Supreme Court Weighs TikTok Ban Amid National Security Concerns and First Amendment Debate
The U.S. Supreme Court is reviewing TikTok’s challenge to a law requiring it to sever ties with ByteDance or face a U.S. app store ban by January 19, 2025. The government cites national security concerns over potential data misuse and disinformation, while TikTok argues the ban violates First Amendment protections. If enforced, TikTok would lose app store access, updates, and functionality. President-elect Donald Trump supports delaying the ban for negotiations, but legal and legislative issues persist. The U.S. would be the first Western democracy to impose a full ban, following India’s example, while NATO and European nations have limited restrictions. (Source)
Frank McCourt’s Project Liberty Leads Bid to Acquire TikTok’s U.S. Assets Amid Regulatory Deadline
Billionaire Frank McCourt’s Project Liberty, through The People’s Bid consortium, has formally proposed acquiring TikTok’s U.S. assets from ByteDance ahead of the January 19 divestment deadline. The consortium, backed by private equity, family offices, high-net-worth individuals, and debt financing from a major U.S. bank, aims to preserve TikTok while replacing its current algorithm. (Source)
Biden Administration’s Cybersecurity Order to Promote Mobile Digital Identity Adoption in Public Programs
An upcoming Biden administration cybersecurity executive order will promote digital identity documents like mobile driver’s licenses (mDLs) for public benefit verification. In development for seven months, the order focuses on interoperability, data minimization, and potential funding for state mDL adoption, guided by NIST standards. It also addresses privacy, bias, and identity proofing challenges while reducing reliance on data brokers and credit bureaus. A pilot notification system will alert individuals when their identity is used in benefit applications. (Source)
🔗 More from Liminal
Access the Market & Buyer’s Guide for Third-Party Risk Management in Link for insights to strengthen compliance and tackle emerging risks as the TPRM market nears $19.9 billion by 2030.
Access Market & Competitive Intelligence
Our award-winning Link™ platform empowers you to monitor trends, access benchmark research reports, explore use cases, and more.
Interested in attending? Request an invite to our 4th annual exclusive CEO event, which will be held in Laguna Beach, California.