Police are closing in on a hacker who threatened to release data stolen in an alleged security breach affecting millions of Thais, said Digital Economy and Society (DES) Minister Chaiwut Thanakamanusorn.
The minister said significant progress is being made in the probe into the incident in which the person named “9Near” posted on BreachForum that he had personal data of 55 million Thais, including names, surnames, addresses, birthdates, ID card numbers and telephone numbers.
The hacker threatened to expose the information if the government agency allegedly involved in the data breach failed to meet a ransom demand by today. The Cyber Crime Investigation Bureau (CCIB) is investigating if personal data was stolen or leaked by certain officials.
Mr Chaiwut said police have narrowed down potential suspects, and the case will be concluded soon. However, the DES ministry declined to say which government agency is involved in the data theft until the perpetrator is arrested and charged.
“We’ve narrowed down the potential suspects, but I think we’d better leave it to the police,” he said.
He said security vulnerabilities could occur when state agencies that provide public services want to make it easy for people to get their services, adding people may soon find accessing services more complicated, but this would be done for data security reasons.
The DES Ministry hosted a meeting yesterday on data security for government agencies that possess large amounts of data, including the Interior Ministry, the Public Health Ministry and the Election Commission.
Wisit Wisitsora-At, DES permanent secretary, said the meeting was to establish what occurred with the incident and to ask state agencies to assess their security risks and raise awareness about the Personal Data Protection Act.
Citing AVM Amorn Chomchoey, secretary-general of the National Cyber Security Agency (NCSA), Mr Wisit said the Thailand Computer Emergency Response Team has been working with several state agencies to address security flaws after detecting security breaches.
Mr Wisit said the meeting also discussed how to promote the wider use of digital IDs and push for developing a digital identity verification system to tackle fraudulent online transactions.
Meanwhile, the Thai Consumer Council (TCC) has stepped up calls for the government to do better in protecting people against data theft.
In its statement, the TCC said a task force must be set up to look into the case not only to arrest the culprit but also to assess the extent of damage caused by the theft.
It said the state agency involved must be identified, and it must take responsibility for the incident.
The government must improve its record on data protection as the country transits into the digital economy, according to the TCC.