I agree what you say, the company that receives the KYC should be careful to check the incoming identity data, because if it is still like that, it is unfair to the person sending the real data.
But most of these ico companies can't... they do not have access to official databases. They are not authorized to do anything, they can check up your name against the public data that's available.