Thailand's cybersecurity negligence causes personal data breaches

Thailand is Cambodia's neighbor to the West, and this forum is dedicated to Thai news, stories, reviews, blogs, videos, Thai people and anything else related to the country. A lot of expats have both lived and worked in Cambodia and Thailand, and this area is a place to discuss all aspects of life in Thailand and what's going on there. Most topics are about Bangkok and Pattaya because of their larger populations of expatriates and tourists in those cities, but this is for all things Thai.
User avatar
yong
Expatriate
Posts: 4267
Joined: Thu Mar 08, 2018 12:03 pm
Reputation: 2769
Thailand

Thailand's cybersecurity negligence causes personal data breaches

Post by yong »

https://asia.nikkei.com/Business/Techno ... 7&si=44594

Thailand's cybersecurity negligence causes personal data breaches
Data law delay blamed for accidental release of records of 106m tourists

Image
Thailand's cybersecurity readiness is being questioned amid reports that tourists' personal details were recently exposed online. (Nikkei montage/Reuters/AP)
MASAYUKI YUDA, Nikkei staff writerSeptember 24, 2021 13:26 JST

BANGKOK -- Thailand's cybersecurity readiness has come under question, after reports that tourists' personal details were recently exposed online, potentially hurting a much-needed recovery of the key sector.

The information of around 106 million visitors to Thailand was accessible to all on the internet, according to cybersecurity research firm Comparitech earlier this week. The database was discovered by Bob Diachenko, one of the company's researchers on Aug. 22. Thai authorities removed the data the next day, after being alerted by Diachenko.

The 200-gigabyte database contained each visitor's full name, sex, passport number, residency status, visa type, Thai arrival card number, and date of arrival in Thailand. Dates on the records ranged from 2011 to this year.

"We do not know how long the data was exposed prior to being indexed," Comparitech said. The National Cybersecurity Agency of Thailand confirmed the breach, but said it had not found any attempts to sell the data on the internet.

The breach comes at a particularly awkward time for Thailand when it is aiming to gradually reopen to visitors who are vaccinated against COVID-19. Phuket, an island in the south, is its so-called sandbox experiment, having welcomed 35,068 tourists since it fully opened its doors to vaccinated visitors in July.


Image
Phuket, an island in the south of Thailand, has been open to vaccinated foreign tourists since July but there are now fears that poor cybersecurity could hinder a recovery in the sector. © Reuters

The government now wants to open five more provinces including Bangkok from October to vaccinated tourists. But that plan hangs in the balance, as the vaccination program in Bangkok and those provinces is not expanding at the rate the government had hoped to make viable any reopening.

Reviving tourism is vital to the recovery of Southeast Asia's second largest economy, as the sector and related businesses accounted for 20% of Thailand's gross domestic product before the pandemic hit. Tourists might now be put off by Thailand's poor cybersecurity.

In large part, the data breach can be blamed on the delayed implementation of the personal data protection act. That act was approved by the former junta government in February 2019 and was scheduled to come into full force in May 2020, but was twice postponed to give organizations time and financial room to ramp up efforts. It is now expected to be enacted on June 1, 2022.

Had the law been brought in as initially planned, both the public and private sectors would have upped their game in cybersecurity. Under the act, breaches must promptly be reported to the National Cybersecurity Agency, or parties face fines of 200,000 baht ($5,960). Organizations that have been hacked must show proof of proper defenses against cyberattacks, or face penalties under the law.

The urgency of implementation has been brought to the fore by recent cyberattacks on companies. CP Freshmart, a retail business arm of Charoen Pokphand Foods, said on Sept. 7 that the system containing user information was hacked. Around 594,585 items, including passwords, full names, mobile phone numbers, emails, and addresses, were put up for sale on a black market for data.

The company insisted that no credit card and financial information was stolen. Charoen Pokphand Group is Thailand's largest conglomerate.

Regional airline Bangkok Airways was another recent victim. It sent out an email to some customers on Aug. 28, informing them that passenger names, nationalities, phone numbers, emails, addresses, passport details, historical travel and some credit card information had been stolen.

Image
Regional airline Bangkok Airways said recently that customer information had been stolen. © Reuters

Indonesia has also recently suffered similar embarrassments. In early September, Indonesian President Joko Widodo's COVID-19 vaccine certificate was leaked online, including his national identity number, the type of vaccine he received, and the time at which he received it. The data was accessible on the Pedulilindungi app, the government's official vaccine monitoring app.

The government sought to play down concerns over data protection on that app by saying that the president's national identity number was available on the general elections commission website anyway, while his date of vaccination was already widely reported on.

"The government urges the public to remain calm and not be provoked by inappropriate information related to the PeduliLindungi system," it said.

The leak came just days after encryption provider vpnMentor said it discovered a breach in the Indonesian government's test-and-trace app for people entering Indonesia. "The app developers failed to implement adequate data privacy protocols and left the data of over 1 million people exposed on an open server," the company said. Leaked data included passenger ID and COVID-19 test results.

"Our team discovered [the app's] records with zero obstacles," it said.

Additional reporting by Shotaro Tani in Jakarta
techietraveller84
Expatriate
Posts: 567
Joined: Wed Jan 08, 2020 10:04 pm
Reputation: 167
United States of America

Re: Thailand's cybersecurity negligence causes personal data breaches

Post by techietraveller84 »

Thailand seems to be getting hit with breach after breach lately!
User avatar
Alex
Expatriate
Posts: 2593
Joined: Thu May 15, 2014 2:09 am
Reputation: 2298
Location: Bangkok
United States of America

Re: Thailand's cybersecurity negligence causes personal data breaches

Post by Alex »

techietraveller84 wrote: Fri Nov 05, 2021 9:26 am Thailand seems to be getting hit with breach after breach lately!
Indeed. What are the odds that the Thailand Pass, which must have been cobbled together in a hurry, will be next?
Post Reply Previous topicNext topic
  • Similar Topics
    Replies
    Views
    Last post

Who is online

Users browsing this forum: jaynewcastle and 207 guests