Why you should be concerned about Marriott’s hacked passport numbers

Marriott International, the popular hotel chain, is still recovering from its giant data breach that affected 500 million people. Among the information that was stolen were passport numbers—and according to new reports from experts, this could be more dangerous than you might think.

Marriott says that they will pay for replacements if any customer becomes a victim of fraud. While the State Department insists that a fake passport could not be reproduced by a passport number alone, other experts are claiming that these numbers could open the door to other types of identity theft—and even threaten national security.

What makes this passport data breach a significant issue is due to the passport number connected to the person’s demographic information, like name and address. Criminals are now deploying a scam technique called Morphing.

The NIH explains it best: “Internet users, and even those using smartphones, now have access to a variety of face image manipulation apps that support the digital morphing of the face photos of two different people, with such images retaining facial information that is specific to both identities.”

By creating a counterfeit passport, the criminal can masquerade as their “morphed” counterpart. When doing a quick search online for a “Fake Passport”, it’s not difficult to find promises of counterfeits.

Marriott is setting up a service to work with clients who are affected by passport fraud. The hotel chain is also offering a service called Web Watcher which scans the dark web for victims’ stolen information, like passport numbers.

The Senate is paying attention to this, too, with Senator Charles E. Schumer (D-N.Y) saying that Marriott should pay the $110 fee for these customers to get a new passport. According to Connie Kim, a Marriott spokesperson, the company is creating a process to help any of its guests who experience fraud due to the breach, and confirmed that Marriott will indeed pay for replacement passports.

Barbara Underwood, the New York Attorney General, Brian Frosh, the Maryland Attorney General, and Josh Shapiro, the Pennsylvania Attorney General, are all opening investigations into the breach. After all, it highlights the need for stricter regulations when it comes to consumer privacy.

Senator Edward J. Markey (D-Mass.) said that just because you check into a hotel doesn’t mean that you should lose your sense of privacy.  He went on to explain that these types of breaches can certainly lead to things like financial fraud and identity theft. He called the breaches a “black cloud” over the bright economic future of the United States.

For people who believe they might have been victims of this hack, Marriott has set up a call center and website to help with any questions. It is also sending emails to every affected guest to further explain the incident and offer assistance.