The Thailand Consumers Council has raised an alarm about a significant data breach affecting 19.7 million members, primarily elderly citizens, whose personal information was discovered for sale on the dark web. This breach encompasses a vast array of personally identifiable data, including names, addresses, phone numbers, ID numbers, emails, signatures, and even ID card photos. Supinya Klangnarong, chairwoman of the council’s subcommittee on Telecoms and ICT, emphasized the urgency for the Department of Older Persons (DOP) to acknowledge the breach and promptly inform the affected individuals to mitigate potential risks.
Despite the existence of the Personal Data Protection Act (PDPA), concerns have been raised regarding the slow response and inadequate enforcement measures following the breach. Ms. Supinya highlighted the elderly’s vulnerability due to their limited understanding of modern technology and suggested the development of digital functions tailored to their needs. Additionally, she proposed implementing safeguards such as delaying money transfers on systems like PromptPay to allow the elderly time to review transactions and detect potential scams.
In response to the breach, Minister of Social Development and Human Security Varawut Silpa-archa expressed apologies and assured that efforts are underway to review cybersecurity measures and protect citizens’ data. The DOP has taken action by filing a complaint with the Cyber Investigation Bureau (CIB), indicating steps towards addressing the security incident and preventing future breaches. However, the incident underscores the critical need for robust data protection measures and proactive steps to safeguard vulnerable populations from cyber threats.