PM Anutin personal data allegedly leaked and used on SSO site
Personal data of the Prime Minister (PM) Anutin Charnvirakul was allegedly leaked and then used to register for Thailand’s Social Security Office (SSO), with claims that weak security on the SSO website also allowed members of the public to access his data.
Software and blockchain technology specialist and the CEO of DomeCloud, Thanarat Kuawattanaphan, raised the issue on his Facebook account yesterday, April 1.
He pointed out that the SSO online system, developed at great expense, has many loopholes, to the point that people with just basic knowledge could impersonate others, misuse their rights, or access the data of others.
“This is more entertaining than expected. Following the nationwide data breach, it was discovered that the SSO website allows for the registration of anyone’s name using data that is bought and sold online.
“Someone used PM Anutin’s data to register for SSO membership and then illegally accessed all of his information. I wonder what other systems allow for such easy identity theft, but I bet there are more. Just wait and see. Thailand needs to switch to AAL2 nationwide to solve this problem.”
Thanarat also posted a screenshot from the SSO website, which showed Anutin contributing 750 baht per month to the fund in 2004.
Separately, another social media user claimed he was able to access a record of traffic law violations linked to Anutin. The user claimed the data showed 23 alleged traffic offences, each carrying a 500 baht fine.
The AAL2 or authenticator assurance level 2, which was mentioned in Thanarat’s post, is an identity verification standard under guidelines from the US National Institute of Standards and Technology (NIST). AAL2 requires multi-factor authentication (MFA) to provide a higher level of confidence in a user’s identity.
These latest claims follow a previously reported nationwide data leak raised in March by People’s Party MP Pawoot Pongvitayapanu. Pawoot said at the time that information linked to 66 million Thai people in the SSO database had been offered for sale on the dark web for 1,650 baht.
Pawoot claimed that the leaked data included names and surnames, identification numbers, parents’ personal information and medical information.
He also said officials responsible for the system had already fixed the issue to prevent further leaks, but that the leak and the remedial action were carried out without public notification. Pawoot said the SSO initially denied there was a breach when rumours first emerged.
Pawoot said he considered that unfair to the public and argued officials should have issued a warning or notified people whose information may have been affected, prompting him to post about the issue on Facebook.
As of the latest developments, no officials have clarified the alleged leak or issued a statement on the matter.
Latest Thailand News
Follow The Thaiger on Google News:
