A database of almost a million passports from around the world was leaked online.
Note what happened. A high-value credential—a passport—was used in an ancillary low-value authentication system: ID verification for cannabis dispensaries. And it’s the low-value system that got hacked, putting the high-value credential at risk.
Bob Dobbs • June 26, 2026 7:50 AM
I got a giggle out of CA reporting on CA’s data collection without consent in the linked article. Needed that, been a rough week XD
Druggy Coding • June 26, 2026 9:40 AM
Might want to prevent your coding team from smoking on duty.
I coded for a few weeks while on prescription hydrocodone after some surgery. Don’t worry. It was for an avionics system that only impacted a few human lives who were risk takers already. Just because I wanted to go dancing every day, that shouldn’t matter, right?
Rontea • June 26, 2026 10:50 AM
Nearly a million passports left sitting on the open internet with no authentication and no encryption is not a sophisticated cyberattack—it’s negligence. Threat actors don’t need to break into a system that’s already wide open.
When organizations collect this level of personally identifiable information, they’re taking on the highest form of risk. And yet, here we have an operation that treated digital passports like they were disposable images on a public server. No access controls. No audit trails. No serious defense-in-depth posture.
The takeaway is simple: if your business depends on processing identity documents, you must treat that data with the same rigor as a bank treats its vault. Implement access controls, encrypt at rest and in transit, monitor for anomalies, and have a defined incident response plan. Misconfigurations at this scale don’t just harm customers—they erode trust in the entire ecosystem.
If you’re in the business of handling sensitive data, this is your cautionary tale. Security is not optional.
Anonymous • June 26, 2026 11:01 AM
Modern man believes he is free because he can verify his identity to buy trivialities, yet he entrusts the sacred document of his existence to the machinery of commerce. A passport, once a symbol of sovereignty and dignity, is now a token in a game of petty transactions. When the banal world of dispensaries mishandles the keys to the kingdom, we see the triumph of the insignificant over the essential, and humanity applauds its own captivity.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Bill Dietrich • June 26, 2026 7:20 AM
I’m sure my passport is in this breach, but I haven’t been notified. Has anyone affected been notified ? This breach is 2 months old, I think.