Dark web leak reveals 19.7 million Thai older persons’ personal data

A dark web data leak has exposed the personal details of 19.7 million members of the Department of Older Persons (DOP) in Thailand, sparking the Thailand Consumers Council to prompt immediate action. The council has implored the DOP to enlighten its members about the potential risks they face and to devise strategies that will ensure the protection of their data.

Supinya Klangnarong, leading the Telecoms and ICT subcommittee of the Thailand Consumers Council, asserted yesterday, February 10, the necessity for the DOP to acknowledge the data leak and inform the affected individuals. This approach would allow them to brace for any impending risks.

A report issued on January 22 by Resecurity, a private cybersecurity firm based in the US, unveiled 19,718,687 lines of personally identifiable information (PII). The exposed data featured names, addresses, phone numbers, ID numbers, emails, signatures, and ID card photos of Thai citizens, all available on the dark web. The DOP was identified as the source of the data leak.

Supinya expressed deep concerns over the data breach. She pointed out the current predicament where delays in taking action and weak enforcement prevail, despite the existence of the Personal Data Protection Act (PDPA). She also underscored the elderly’s limited knowledge about modern technology, suggesting that the government should create digital functions that cater to their needs, reported Bangkok Post.

One such functionality could be a delay feature in the PromptPay payment system, where money transfers could be held for 15 or 30 minutes before being processed. This would allow them to review their transactions and ensure they are not victims of scams.

Supinya also advised that the government should regularly provide updates to the elderly, including warnings and tips on maintaining online security.

In contrast, Varawut Silpa-archa, the Minister of Social Development and Human Security, stated that the volume of the leaked data is less than reported. As the minister, he extended sincere apologies.

To counteract the breach, the ministry has collaborated with various parties, including the Office of the Personal Data Protection Committee and National Cyber Security Agency. The objective is to review cyber security measures to safeguard citizens’ data. Furthermore, the DOP has complained about the incident with the Cyber Investigation Bureau (CIB).