The Department of Internal Affairs says Kiwis should be concerned as there is a pattern of organisations experiencing security breaches resulting in personal data being stolen.
Last week, Latitude Financial revealed a hack on its databases had affected around 330,000 customers in New Zealand and Australia. The company operates finance companies Genoapay and Gem Visa among others.
Copies of thousands of New Zealand driver's licences were stolen in the breach, and on Tuesday the Department of Internal Affairs (DIA) said more than 1300 New Zealanders have had their passport details stolen.
DIA deputy CEO Maria Robertson told Ryan Bridge on AM we should be concerned about the number of data breaches occurring.
"There's a pattern here of organisations where New Zealanders' data is being compromised and that is a great concern to us and should be a concern to everyone," Robertson said.
Cisco's first-ever Cybersecurity Readiness Index found around 86 percent of New Zealand organisations were not properly ready for the latest cybersecurity threats.
Robertson said Kiwis need to get savvier and start questioning why they are being asked for certain information and whether they might be at risk of oversharing data.
"There are some circumstances, for example with banks or financial institutions, where they have quite strict legal obligations to verify the identity of people that are trading with them," Robertson said.
"I think New Zealanders, generally, are oversharing their data and giving copies of things to individuals or companies that they really probably need to question."
However, if a consumer is a victim of a security breach, Robertson said passports are a high-strength travel documentation with your image on it, therefore, if someone makes a copy of it they can't use it for travel purposes or to impersonate you in real life scenarios.
But there is a whole lot of other data on a passport such as full name and date of birth, that people can use for a variety of reasons.
"What we would prefer is that companies and individuals are using digital forms of identification like Real Me, for example, to actually verify the identity rather than just handing over copies of their data," Robertson said.
Despite the Latitude breach, Robertson said it was not necessary to replace passports. However, if a customer is not comfortable with the details of a valid passport out there they can apply for a new one and should seek reimbursement from Latitude for the costs.