Authorities are hunting down a hacker who has threatened to release the personal data of 55 million Thais if the government agency allegedly involved in the leakage of information fails to meet a ransom demand by April 5.
Pol Lt Gen Worawat Watnakhonbancha, commissioner of the Cyber Crime Investigation Bureau (CCIB), said that the CCIB has asked the Ministry of Digital Economy and Society (DES) as well as the National Cyber Security Agency (NCSA) to look into the case and find out whether the personal data was hacked or leaked by certain officials.
According to media reports, a hacker named "9Near" posted on BreachForum -- a website where personal data leaked from state agencies and private companies is sold and bought -- that he had got hold of the personal data of 55 million Thais, including names, surnames, addresses, birthdates, ID card numbers and telephone numbers.
The hacker also announced on the website 9near.org that: "If you think the information has leaked from your organisation, contact us by April 5 at 4pm, Thai time, otherwise, we will reveal where the information has been leaked from and release all the leaked information to the public." The website also shows a live online countdown.
The message was also sent via SMS to several well-known newscasters, including Sorrayuth Suthassanachinda, who later posted on his Facebook saying he had received an SMS showing his personal data, such as his address, ID card numbers and telephone numbers.
DES Minister Chaiwut Thanakamanusorn yesterday insisted that personal ID card data kept by the Interior Ministry has not been leaked, adding that the ministry has already contacted the domain name service provider which is based overseas to block the website 9near.org.
Mr Chaiwut said the website has infringed upon personal data rights and intimidated others, posing a threat to national security and causing unjust panic.
So far, the ministry has not yet received a response from the service provider, Mr Chaiwut said, adding the ministry is also seeking a court order under the Computer Crime Act to take action against anyone involved.
Domestic internet service providers such as AIS, True and National Telecom have also been asked to block the website while the Personal Data Protection Committee has been asked to check if any government agencies have reported leaked information, he said.
Anyone involved in the hacking of personal data faces a jail term of up to five years under the Computer Crime Act, and those who misuse and abuse personal data face a jail term of one year and/or a fine of up to one million baht, he said.
The Rural Doctor Society yesterday posted on Facebook claiming that the leaked personal data came from the database of the Public Health Ministry's MOPH Immunisation Centre where information regarding the Covid-19 vaccination service is stored.
Permanent secretary for public health, Opas Karnkawinpong, said yesterday that the ministry had discussed the matter with the DES and the NCSA. He said that there was no confirmation as to which agency the information came from.
Deputy Prime Minister and Public Health Minister Anutin Charnvirakul also said that it was still not known if the information in question was leaked from the Mor Prom app. The app was initially developed to trace Covid-19 cases and for people to register their Covid vaccination appointments.
New features have been added to turn the app into a platform that links to pharmacies and many more public health service units.
Takorn Tantasith, former secretary-general of the National Broadcasting and Telecommunications Commission, posted on Facebook that the DES and the Personal Data Protection Committee must be held responsible for the leaked personal data.