One Million Passport Scans Leaked After Cannabis Dispensary System Hacked

A database containing nearly one million passport scans from people around the world was leaked online. The passports were collected by cannabis dispensaries in the United States for age verification purposes. When customers wanted to prove they were old enough to purchase cannabis legally, they showed their passports, which were scanned and stored digitally. Hackers broke into this database and now those passport images are publicly available.

If you have ever visited a cannabis dispensary in the U.S. and showed your passport for identification, your passport scan may be in this leak. Your passport contains highly sensitive information including your full name, date of birth, passport number, photograph, and sometimes your address. This information could potentially be used for identity theft or to create fake documents.

Even if you do not use cannabis, this story is important because it shows how your sensitive documents can end up in unexpected places.

Here is what you should do right now:

1. If you used your passport at a cannabis dispensary, assume your information was exposed.
2. Monitor your credit reports closely for any suspicious activity. You can get free credit reports at AnnualCreditReport.com.
3. Consider placing a fraud alert on your credit file by contacting one of the three credit bureaus.
4. Watch for phishing emails or calls from people who might have your personal information and try to trick you into giving them more.
5. If you notice any suspicious use of your identity, report it immediately to local law enforcement and the Federal Trade Commission at IdentityTheft.gov. The bigger lesson here is to think carefully before handing over high value identification like passports. Whenever possible, use a driver's license instead of a passport for everyday verification like age checks at stores. Your passport is a powerful document meant for international travel, not routine transactions. Once someone scans it and stores it digitally, you have no control over how well they protect that information. Companies with low security standards can put your most important credentials at risk.