StarkWare introduces 'Private KYC' to address personal data breaches

Zero-knowledge scaling company StarkWare has introduced Private KYC on Starknet, enabling users to complete know-your-customer requirements without revealing their full personal information.

The system, announced Tuesday as a demo, uses STRK20 privacy features and zero-knowledge STARK proofs to let users prove specific attributes, such as being older than 18 or holding valid credentials, without revealing their full passport details or address.

“Whether you need to prove you’re over 18, hold a valid credential or meet an eligibility rule, verification should only confirm the precise fact,” StarkWare said. Corporations should not collect the full identity behind it, “because every identity database becomes a liability the moment it exists.”

KYC compliance involves handing over personal information and trusting companies to keep it safe. The rollout comes as the US hit a record 3,322 data compromises in 2025, a 79% increase over five years, and the global average cost of a data breach is $4.4 million, according to StationX.

StarkWare users start by scanning their passport on their phones, using the camera and NFC chip to read and confirm the document is genuine and signed by its issuing authority.

They can then encrypt identity data to their Starknet wallet, register attributes in a public onchain registry, and submit zero-knowledge proofs for selective checks. Verifiers can confirm eligibility by reading the public registry without ever seeing the actual identity data.

Related: Privacy push as StarkWare and Sui move toward compliance-ready confidential transfers

“Private KYC shows that verification and privacy aren’t a trade-off,” StarkWare said. “An institution can confirm exactly what it needs without assembling another copy of someone’s identity it then has to defend.”

“Identity checks today ask for your whole document when they only need one fact,” the Starknet team said.

The system is similar to Sam Altman’s World ID (Worldcoin), which uses zk-proofs to verify humanness via iris scans on hardware orbs. However, World ID faced backlash over centralized biometric custody, whereas StarkWare’s self-custody model aims to address that issue.

Data breaches cost millions

According to Axis Intelligence, more than 1 billion health care records have been breached, with an average cost of $7.42 million, as of 2026. In the US, 772 large health care data breaches were confirmed in 2025, the highest annual total ever recorded.

The largest and most damaging data breach in the crypto industry occurred at hardware wallet provider Ledger, which suffered a massive database hack in 2020, resulting in the leak of more than 270,000 customer records and a wave of phishing attacks that continue to this day.

Magazine: Japanese pension fund tips 1% in crypto, G7 urges action on NK hackers: Asia Express