55 Million Records: Thailand’s PII Massive Leak Unveiled

A colossal wave of stolen personal identifiable information (PII) from Thailand has crashed onto the shores of the dark web, marking a disturbing escalation in cybercriminal activities. This massive leak, unprecedented in its scale and audacity, has exposed the personal data of millions, casting a long shadow over the digital safety and privacy of Thai citizens.

The saga began with a bold announcement on the Breach Forum website by an entity self-styled as “9Near – Hacktivist,” claiming access to the personal details of 55 million Thai individuals. This staggering figure includes full names, birthdates, ID card numbers, and phone numbers, purportedly siphoned from vaccine registration records at the Public Health Ministry’s Immunization Centre. The swift response from Thailand’s Criminal Court to block sites distributing this data underscores the severity of the breach.

Image: Resecurity

As the narrative unfolds, the dark web, a notorious hub for cybercriminals, has become the stage for the dissemination of this stolen data. Cybercriminal entities, known as Naraka, have been reported circulating large volumes of Thai PII, obtained through breaches of consumer platforms, e-commerce, fintech, and government resources. These breaches are not random; they are targeted attacks exploiting the KYC (Know Your Customer) data repositories, rich with personal documents.

The early months of 2024 have witnessed an alarming uptick in data leaks, with at least 14 significant breaches making their rounds on cybercriminal forums in January alone. This represents a near surpassing of the annual volume of compromised records identified in the previous year, signaling a worrying trend of escalating cyber threats in Thailand.

Among the breaches, a notable incident involved one of Thailand’s largest bookstores, Chulabook, affecting over 160,000 users. Another breach disclosed personal data from Bangkok Industrial Gas Company Limited, highlighting the targeting of critical infrastructure. These breaches reveal a sinister pattern: stolen PII is not just traded but used in orchestrating sophisticated frauds, attacking financial organizations, and perpetuating scams.

The massive leak serves as a stark reminder of the critical need for improved data protection and proactive cyber defense tactics. For Thailand, it is imperative to strengthen its cybersecurity framework, enact stringent data privacy regulations, and foster a culture of digital vigilance. These measures are not merely about protecting data; they are about safeguarding the future of Thailand’s digital economy and its citizens’ privacy.

Via: REsecurity