One Million Passports Leaked Online From Cannabis Store Verification System

A database containing almost one million passport images and information was leaked online. The passports came from around the world and were collected by cannabis dispensaries during age verification checks. When customers showed their passports to prove they were old enough to purchase cannabis, the stores saved copies of this sensitive identification. That database was then hacked and exposed. If you or anyone in your family has visited a cannabis dispensary and showed your passport for age verification, your information may be in this leak. Your passport contains highly sensitive data including your full name, date of birth, passport number, photo, and nationality. Criminals can use this information for identity theft, to create fake IDs, or to target you for scams.

Here's what you should do right now:

1. If you used your passport at a cannabis dispensary, watch your credit reports closely for the next year. You can get free credit reports at AnnualCreditReport.com.
2. Sign up for fraud alerts with the three credit bureaus (Equifax, Experian, and TransUnion). This makes it harder for someone to open accounts in your name.
3. Be extremely cautious of any emails, texts, or calls claiming to be from government agencies. Scammers now have your passport details and may use them to make phishing attempts look more convincing.
4. Consider placing a credit freeze on your accounts if you're very concerned. This prevents anyone from opening new credit in your name. This breach illustrates an important lesson: use the minimum identification necessary. Cannabis stores only needed to verify your age, but they collected and stored your entire passport. In the future, use a driver's license for age verification instead of your passport when possible. Your passport is one of your most valuable forms of identification. Only provide it when absolutely necessary, like for international travel or official government purposes. Lower security businesses should not be storing copies of such high value documents.