Personal data of 106 million international travellers to Thailand was found to have been exposed online in August before it was quickly secured by Thai authorities, according to Comparitech, a cybersecurity research firm.
The National Cybersecurity Agency (NCSA) confirmed the incident happened last month, and said it had not detected any attempts to sell the data on underground websites.
Comparitech indicated the database included full names, sex, passport numbers, arrival dates, visa types and residency status. ADVERTISEMENT
According to the research firm, the database was indexed by search engine Censys on Aug 20 and it was discovered two days later by Bob Diachenko, who leads Comparitech’s cybersecurity research, who immediately alerted Thai authorities.
Thai authorities secured the database on Aug 23.
As the dates on the database records run from 2011 to the present, Mr Diachenko said all those who travelled to Thailand over the last decade might have had their information exposed.
According to Comparitech, Thai authorities responded quickly to the disclosure, however “we do not know how long the data was exposed prior to being indexed”.
Grp Capt Amorn Chomchoey, acting secretary general of the NCSA, told the Bangkok Post the incident occurred last month. A white hacker informed authorities they should fix the issue.
“As we have checked, there is still no sale of data via underground webs,” Grp Capt Amorn said.
Source: Bangkok Post