Security Consequences of compromised passport data
The specifics will likely depend on your passport's originating country. Let's assume you're not actually British and instead have a US passport. Mine has the following information:
- Pretty clear picture of my face
- First, Middle, and Last name
- State of Birth
- Birthday
- Passport number
The adjacent page also contains a signature line, so depending on what exactly was exposed your signature may be included.
While this isn't strictly sufficient to perform identity theft, it's certainly pretty close. This is also much of the same information that is available on social media sites for many people. Assuming this is the information that's been released...personally I'm less than impressed. As already mentioned for many people it's already public.
A much more interesting aspect is that many US federal positions, particularly related to the Department of Defense, require a CISSP or CEH. Since the CEH is easier we can assume it's the more common. So with some clever filtering it may be possible to construct some fantastic social engineering data for a population that likely has some pretty fun access.
Even a fake passport scan was sufficient to take over a Facebook account generating $100,000/yr in revenue.
A real scan might be instrumental in taking over all sorts of other, more valuable accounts, such as crypto exchanges.
However, these are just known potential dangers of passport scans falling in the wrong hands. There is a thriving black market for identity details and passport scans in particular. If criminals can gain money by selling your passport scan, that means other criminals can gain more once they buy it, which means you likely have something to lose - in ways that may not be evident right away.
Recovering from identity theft is a long and painful process.