Cyber woes: DOP’s PDPA breach prompts CIB intervention
A violation of the Personal Data Protection Act (PDPA) led the Department of Older Persons (DOP) to complain to the Cyber Investigation Bureau (CIB) yesterday. The data breach, involving the DOP’s website, raised alarm bells regarding the possible misuse of personal information.
Under the directives of Social Development and Human Security Minister Varawut Silpa-archa, Raemrung Worawat, the DOP’s director-general, reported the breach to both the CIB and the Personal Information Protection Committee. The action was in response to a revelation by Resecurity, a US-based cybersecurity firm, on January 22.
The startling report by Resecurity claimed that personal identifiable information (PII) of Thai citizens, found on the dark web, was leaked from public sector platforms. The DOP website was among those compromised in the data leak, which occurred in January.
The report exposed the magnitude of the data leak, disclosing that around 19,718,687 records of personal data, encompassing names, addresses, ID numbers, as well as images of ID cards and photos of individuals with their IDs were compromised.
The report further highlighted that the compromised data has been misused at least 14 times on cybercrime platforms, predominantly for consumer fraud. The origin of the breach remains unknown, but the report suggested a growing trend of cyber-attacks targeting Thai government agencies, reported Bangkok Post.
In a bid to tackle the issue, the DOP has enlisted the aid of experts and developers to investigate the incident. Raemrung Worawat, the department’s chief, stated that any individuals implicated in the leak would face prosecution.
The DOP has also instructed all relevant units to secure all personal identifiable information in their databases. The department has implemented multiple systems to increase information security and protection, with the director-general emphasising the need for closer monitoring of data safeguarding systems and improved security measures.
In related news, Thailand’s Criminal Court shut down 9near.org, averting a potential data breach that could have affected 55 million citizens; Resecurity warned of surging cyber threats.