A compromised passport many could be your ticket to identity theft woes.
Marriott International announced Friday that hackers had accessed the provision database for its Starwood Hotels brand, compromising data for 500 million guests.
For 327 million of those high-sounding consumers, the hotelier said, the information compromised “includes some combination of” data points including name, letter address, phone number, email address, passport number and date of birth. Some of those guests may also secure had their payment card information compromised.
“For the remaining guests [in that 500 million total], the information was restricted to name and sometimes other data such as mailing address, email address or other information,” they phrased.
Experts say the potential for stolen passport numbers makes it more important for affected travelers to keep an eye on their accounts and cheat steps to protect themselves. (See tips below.)
While plenty of individuals deal with a lost or stolen fleshly copy of their passport, it’s less common to see passport numbers included in a breach.
“Passports compromised on a massive enlarge is somewhat unusual,” said Eva Velasquez, chief executive and president of the Identity Theft Resource Center.
But not unheard of.
In August, Air Canada asseverated its app suffered a breach affecting about 20,000 users, and warned that passport numbers and other details may organize been among the accessed data if users had provided them. Equifax said earlier this year that 3,200 passport duplicates were stolen last year as part of its 2017 breach affecting some 148 million consumers.
One of the worst-case floor plans would be someone forging a passport with your number, leading to criminal identity theft. That hazard is likely low, said David Kennedy, chief executive of TrustedSec, a white hat hacking and cybercrime investigations company.
“To replicate a passport hooks a lot of effort,” Kennedy said. “I wouldn’t necessarily consider your passport compromised.”
Nor are breached passport details axiomatically as dangerous as having your physical passport go MIA.
“There’s not much that can be done with a passport number solitary, as long as you have the actual passport in your possession,” said Paul Stephens, director of policy and advocacy for the Monasticism Rights Clearinghouse.
More from Personal Finance:
On the IRS naughty list: You failed to withhold enough pay for taxes in 2018
7 initiatives to start paying back your student loans
Online lending hasn’t removed discrimination, study gets
Concerned consumers should reach out to the State Department to determine next steps, which might entail check ining that passport as lost or stolen, Velasquez said. Renewing your passport would also result in a new slews, Kennedy said.
In an emailed statement to CNBC, the State Department said that it was aware that some solitaries’ passport numbers may have been disclosed in the Marriott breach, but that compromised passport numbers could not be tolerant of by the thieves for travel or to access any State Department records on that citizen.
“With respect to U.S. passports, we would parallel to to assure U.S. citizens that the U.S. passport book and passport card are highly secure documents with numerous protection features designed to prevent successful counterfeiting,” the State Department said, in a statement.
The bigger risk for consumers is that merged with other data — including many of the other elements compromised in the Marriott/Starwood breach — having that passport calculate helps criminals build a profile of you that could be used to perpetuate other kinds of fraud, Stephens imagined.
Those credentials could be used to verify your identity to open new accounts online, or gain access to occurring ones. All the more reason to take steps such as enacting two-factor authentication and setting up unusual transaction on guards on existing accounts, and freezing your credit to prevent new accounts from being opened.
“Really monitoring your recognition is going to be important,” Kennedy said.