Looking at “privacyrights.org” you can go to the 2022 data breach notifications. It is very easy to see that there are certain bits if personal information that could be floating around without you knowing. Looking at the first question of, “what do states count as personally identifiable information”. Most states say your full name, your social security number, and any kind of financial account number (just to keep it simple). Now by looking at the other questions you can see why it could be scary. Passports, bio metric information, and paper records are not covered as personally identifiable information in every state. If information of these things get out about you in certain states such as North Dakota, (which counts none of the three examples as personally identifiable information) then you wont be notified of that data breach.

This kind of information could be very important to researchers because they could use the information to run tests and see whose information such as their passport or bio metrics are online without their knowledge. The statistics of data breaches in the U.S. could be much higher than what is shown online if those articles are only taking into account breaches that people have been notified about. Then they could write their own studies to show how much information is actually acquired during data breaches while taking into account this other information that government or companies exclude. I personally would want to know if my passport or bio metrics were on the internet due to how many devices rely on that information