One of the worst-case scenarios would be someone forging a passport with your number, leading to criminal identity theft. That risk is likely low, said David Kennedy, chief executive of TrustedSec, a white hat hacking and cybercrime investigations company.
"To replicate a passport takes a lot of effort," Kennedy said. "I wouldn't necessarily consider your passport compromised."
Nor are breached passport details necessarily as dangerous as having your physical passport go MIA.
"There's not much that can be done with a passport number alone, as long as you have the actual passport in your possession," said Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse.
More from Personal Finance:
On the IRS naughty list: You failed to withhold enough pay for taxes in 2018
7 steps to start paying back your student loans
Online lending hasn't removed discrimination, study finds
Concerned consumers should reach out to the State Department to determine next steps, which might entail reporting that passport as lost or stolen, Velasquez said. Renewing your passport would also result in a new number, Kennedy said.
In an emailed statement to CNBC, the State Department said that it was aware that some individuals' passport numbers may have been disclosed in the Marriott breach, but that compromised passport numbers could not be used by the thieves for travel or to access any State Department records on that citizen.
"With respect to U.S. passports, we would like to assure U.S. citizens that the U.S. passport book and passport card are highly secure documents with numerous security features designed to prevent successful counterfeiting," the State Department said, in a statement.
The bigger risk for consumers is that combined with other data — including many of the other elements compromised in the Marriott/Starwood breach — having that passport number helps criminals build a profile of you that could be used to perpetuate other kinds of fraud, Stephens said.
Those credentials could be used to verify your identity to open new accounts online, or gain access to existing ones. All the more reason to take steps such as enacting two-factor authentication and setting up unusual transaction alerts on existing accounts, and freezing your credit to prevent new accounts from being opened.
"Really monitoring your credit is going to be important," Kennedy said.