If your passport number gets stolen by hackers, California Attorney General Anthony Becerra wants you to hear about it. He and state assembly member Marc Levine unveiled a bill Thursday that would require companies to inform customers when passport numbers and biometric data get caught up in a data breach.
"Knowledge is power, and all Californians deserve the power to take action if their passport numbers or biometric data have been accessed without authorization," Becerra said in a press release Thursday.
The bill comes in response to the breach of a Marriott-owned reservation system, made public in December, which compromised the information of about 383 million guests at the company's Starwood hotel chain. Hackers stole more than five million unencrypted passport numbers, as well as more than 20 million encrypted passport numbers. Marriott did notify customers if their passport numbers were stolen, Becerra noted, but it wasn't required by law.
Passport numbers are valuable to potential identity thieves because they provide one more point of data about potential victims. However, criminals would have to use the numbers in expensive and sophisticated forged passports to travel internationally with the information. Passports numbers can be changed by reporting a passport lost or stolen; the replacement passport will have a new number.
Biometric data has also been stolen in data breaches. In the breach on the US Office of Personnel Management in 2015, which government officials said they attributed to Chinese espionage, hackers stole 5.6 million sets of fingerprints belonging to federal employees. That number climbed from OPM's initial announcement that hackers stole 1.1 million fingerprints.