You may have already heard about the Marriott International data hack on Friday that potentially exposed guest addresses, emails, dates of birth, credit card numbers, and Starwood reservation information. Among the hacked data were passport numbers—possibly 327 million of them—raising questions like: If you were affected, do you need to get a new passport?
Over the weekend, Senator Chuck Schumer and fellow lawmakers called for Marriott to cover the $110 new passport fee for anyone who's info was compromised. As of yesterday afternoon, Marriott announced it would do just that, as long as customers can prove fraudulent activity took place.
“As it relates to passports and potential fraud, we are setting up a process to work with our guests who believe that they have experienced fraud as a result of their passports being involved in this incident. If, through that process, we determine that fraud has taken place, then the company will reimburse guests for the costs associated with getting a new passport,” a Marriott spokesman told MarketWatch. The details of that process have yet to be announced.
Marriott is also offering those who were hacked a year of free personal information monitoring from Kroll, a risk consulting firm. The company tracks black market sites where personal information is shared to alert you if your data is compromised.
But it remains unclear what the hackers could actually do with just a passport number, The New York Times reports. The U.S. State Department announced Monday that travelers whose passport number was hacked in the breach should not apply for a new passport or report their number stolen unless the physical copy of the passport was actually lost or stolen. No one can travel internationally using just your passport number, and for thieves to order a new passport or replace a "lost" passport—without an expired or existing physical copy—they would need a birth certificate, social security number, state ID, photo, and an in-person application. So, "we do not recommend reporting your U.S. passport lost or stolen if your passport number was compromised," the agency reaffimed.
The greater concern is hackers using passport data to fake your identity or open fraudulent accounts. As we wrote last week, freezing your credit to prevent any new accounts, loans, or credit cards to be opened in your name and changing your passwords (yes, all of them, to all different passwords) is a good course of action. Marriott is also being explicit in its emails to customers, saying exactly what data was compromised; you'll know if your passport number was among them. For now, sign up for Kroll's Web Watcher service to stay apprised of the rest of your data's status. You can find more proactive tips on protecting yourself from hackers here.