Personal Finance

Marriott breach: Here’s the risk of a compromised passport number

A compromised passport number could be your ticket to identity theft woes.

Marriott International announced Friday that hackers had accessed the reservation database for its Starwood Hotels brand, compromising data for 500 million guests.

For 327 million of those affected consumers, the hotelier said, the information compromised “includes some combination of” data points including name, mailing address, phone number, email address, passport number and date of birth. Some of those guests may also have had their payment card information compromised.

“For the remaining guests [in that 500 million total], the information was limited to name and sometimes other data such as mailing address, email address or other information,” they said.

Experts say the potential for stolen passport numbers makes it more important for affected travelers to keep an eye on their accounts and take steps to protect themselves. (See tips below.)

While plenty of individuals deal with a lost or stolen physical copy of their passport, it’s less common to see passport numbers included in a breach.

“Passports compromised on a massive scale is somewhat unusual,” said Eva Velasquez, chief executive and president of the Identity Theft Resource Center.

But not unheard of.

In August, Air Canada announced its app suffered a breach affecting about 20,000 users, and warned that passport numbers and other details may have been among the accessed data if users had provided them. Equifax said earlier this year that 3,200 passport images were stolen last year as part of its 2017 breach affecting some 148 million consumers.

One of the worst-case scenarios would be someone forging a passport with your number, leading to criminal identity theft. That risk is likely low, said David Kennedy, chief executive of TrustedSec, a white hat hacking and cybercrime investigations company.

“To replicate a passport takes a lot of effort,” Kennedy said. “I wouldn’t necessarily consider your passport compromised.”

Nor are breached passport details necessarily as dangerous as having your physical passport go MIA.

“There’s not much that can be done with a passport number alone, as long as you have the actual passport in your possession,” said Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse.

More from Personal Finance:
On the IRS naughty list: You failed to withhold enough pay for taxes in 2018
7 steps to start paying back your student loans
Online lending hasn’t removed discrimination, study finds

Concerned consumers should reach out to the State Department to determine next steps, which might entail reporting that passport as lost or stolen, Velasquez said. Renewing your passport would also result in a new number, Kennedy said.

The State Department did not immediately respond to requests for comment on how consumers should proceed.

The bigger risk for consumers is that combined with other data — including many of the other elements compromised in the Marriott/Starwood breach — having that passport number helps criminals build a profile of you that could be used to perpetuate other kinds of fraud, Stephens said.

Those credentials could be used to verify your identity to open new accounts online, or gain access to existing ones. All the more reason to take steps such as enacting two-factor authentication and setting up unusual transaction alerts on existing accounts, and freezing your credit to prevent new accounts from being opened.

“Really monitoring your credit is going to be important,” Kennedy said.

Products You May Like

Articles You May Like

Actor Edward Norton is trying to change how the TV industry measures viewership
Art Cashin: ‘Beyond this land there will be dragons’ if the stock market rout gets much worse
Cramer’s lightning round: There are better drug stocks to own than GlaxoSmithKline
Utility stocks soar to highest levels in a year as investors rush to safe havens
Investor fears about recession seem ‘overdone,’ IMF’s Christine Lagarde says

Leave a Reply

Your email address will not be published. Required fields are marked *