NCSA watchdog warns delivery firms after major data breach
Thailand’s National Cyber Security Agency (NCSA) sounded the alarm for logistics firms, urging them to step up customer data protection after a cyberattack exposed a major security flaw in one operator’s system. The warning comes as the Personal Data Protection Commission launches an investigation into the breach.
Air Vice Marshal Amorn Chomchoey, Secretary General of the NCSA, stressed that delivery firms handle a vast amount of sensitive consumer data, particularly with the boom in e-commerce, mobile apps, and courier services. Crucially, he noted that leaked delivery addresses pose a far more immediate risk than standard population registration data.
The targeted company, whose identity remains under wraps, fell victim to a devastating data leak due to a glaring weakness in its application programming interface (API).
The company, which boasts over 10,000 outlets nationwide, had an API system so vulnerable that cybercriminals easily exploited it. APIs, which allow different software systems to communicate, have become prime targets for hackers.
Investigators were tipped off to the breach during a police probe into the notorious Oreo gang. Cyber police arrested a gang member involved in distributing shocking torture videos and uncovered a web of cybercriminal activity. The suspect admitted the gang had been using stolen personal data to harass and target rival gamers.
Further interrogation revealed a disturbing link: a 16 year old page admin was recruited to harvest personal data from other gamers, using login credentials supplied by a 31 year old accomplice, reported Bangkok Post.
In response, AVM Amorn has laid out urgent guidelines for logistics firms to tighten security. Companies are being advised to enforce robust password policies, implement multi-factor authentication, encrypt API requests, and install auditing tools to monitor database access.
The NCSA is also pushing for anomaly detection systems to flag suspiciously high data requests, ensuring compliance with personal data protection laws.
With cybercriminals increasingly targeting weak links in the digital supply chain, the message is clear: tighten security or risk devastating breaches.
Latest Thailand News
