The Fox article just cites CyberNews.[0]

Cybernews posts screenshots[1] featuring usernames like idmKYCCN and idmKYCFR, and the ports were locked down after contacting ID Merit.

I think thay what's happened is that everyone is telling the literal truth and speaking very carefully to use that truth to obscure rather than inform. To hell with the victims. The way I intrerpet this is that their denials are both factually accurate AND misleading.

The partner who said there is "no indication that any customer data has been compromised" is telling the literal truth. They can't find any indicators because they stink at logging and the screenshots posted on CyberNews obscure the customer info intentionally. Instead Cyber News only shows the IDM usernames in plaintext. Which was the responsible thing to do They literally cant see any indications... of customer data... because they dont have logs.

It should also be noted that the Partners customer in this case is likely ID Merit... not the people whose information was stolen. So again, their statement was literally true even if they do find evidence of a billion records being leaked.

Nobody should ever trust anyone involved in this again if I'm correct in this interpretation of the available facts.

[0] https://www.foxnews.com/tech/1-billion-identity-records-expo...

[1] https://cybernews.com/security/global-data-leak-exposes-bill...