Police are closing in on the hacker who threatened to release data stolen in an alleged security breach affecting 55 million Thais, said Digital Economy and Society (DES) Minister Chaiwut Thanakamanusorn.
He said significant progress is being made in the probe into the incident in which the person named “9Near” posted on BreachForum that he had personal data of 55 million Thais, including names, surnames, addresses, birthdates, ID card numbers and telephone numbers.
The hacker threatened to expose the information if the government agency allegedly involved in the data breach failed to meet a ransom demand by April 5. The Cyber Crime Investigation Bureau (CCIB) is investigating if the personal data was stolen or leaked by certain officials.
Mr Chaiwut said police have narrowed down potential suspects and the case will be concluded soon. However, the DES ministry declined to say which government agency is involved in the data theft until the perpetrator is arrested and charged.
“We’ve narrowed down the potential suspects but I think we’d better leave it to police,” said the minister.
He said security vulnerabilities could occur when state agencies that provide public services want to make it easy for people to get their services, adding people may soon find accessing services more complicated but it is for the sake of data security.
The DES Ministry on Monday hosted a meeting on data security for government agencies that possess large amounts of data including the Interior Ministry, the Public Health Ministry and the Election Commission following the alleged data theft.
Wisit Wisitsora-At, DES permanent secretary, said the meeting was to establish facts surrounding the incident, to ask state agencies to assess their security risks and raise awareness about the Personal Data Protection Act (PDPA).
Citing AVM Amorn Chomchoey, secretary-general of the National Cyber Security Agency (NCSA), Mr Wisit said Thailand Computer Emergency Response Team (ThaiCert) has been working with several state agencies to address security flaws after detecting security breaches.
Mr Wisit said the meeting also discussed how to promote a wider use of digital ID and push for development of digital identity verification system to tackle fraudulent online transactions.
Meanwhile, the Thai Consumer Council (TCC) has stepped up calls for the government to do better to protect people against data theft as the incident has caused a widespread scare among consumers.
In its statement, TCC said a task force must set up to look into the case not only to arrest the culprit but also assess the extent of damage caused by the information leak.
It said the state agency involved in the security breach must be identified and it must take responsibility over the incident.
The government must put in place better measures to improve personal data protection and make the issue national agenda as the country transits into the digital economy, according to the TCC.