Results 1 to 3 of 3
  1. #1
    Member

    Join Date
    Jan 2020
    Last Online
    01-08-2023 @ 11:33 PM
    Posts
    510

    Get ahead of cybercrime | Bangkok Post

    Get ahead of cybercrime

    The much needed Personal Data Protection Act -- which has been delayed for two years -- will be mandated by June. It's part of the government's pledge to boost cyber security in Thailand but a large theft of data from the Thai University Central Admission System (TCAS) earlier this month has done little to inspire confidence that authorities will actually get on top of this growing threat anytime soon.
    Through this latest embarrassing cyber theft, the personal information of over 23,000 students who took part in last year's university entrance examinations was taken and sold on the internet by hackers.
    The stolen information is part of 826,250 files in the TCAS database.
    The incident is another reminder of government failure to deal with cyber-security threats.
    Last year, a number of state hospitals -- one of the largest public database storage areas -- were attacked by hackers.
    State-run Phetchabun Hospital in September saw data on more than 10,000 patients stolen.
    In the same month, another hacker managed to block Saraburi Hospital from accessing patients' medical records and shut down the hospital's phone lines. The attacker demanded the hospital pay 63 billion baht in Bitcoin.
    A month later, it was found that someone on the dark web was selling the data of 100,000 people from 11 hospitals nationwide.
    Cyber theft in e-commerce and fintech has proven to be even more brazen.
    Last October, the Bank of Thailand (BoT) admitted that unauthorised online withdrawals of 130 million baht were made from over 10,000 debit and credit card accounts from Oct 1-16.
    Be it about these examples or others, pledges from the government to address cybercrime tended to be nothing more than sound bites that would dissipate as the media spotlight moved elsewhere.
    Up until now, there have been no updates made by the police about the hackers or who was responsible, nor has there been compensation or protection provided for those affected.
    State agencies that collect personal data from the public do not seem to have to bear any responsibility for their failure to protect the data they have collected and stored.
    The lack of penalties for database owners for failing to sufficiently protect personal data is the most ignored factor in the country's policy on cyber-security protection.
    It appears that the government and private sector are fixated on catching hackers by investing in pricey software and hiring tech-savvy personnel.
    Little has been done to make owners of databases accountable for their failure to protect personal data.
    It has become normal practice that government and private companies just offer an apology and promise to do better.
    It is hopeful that the problem will be addressed when the Personal Data Protection Act becomes effective this June.
    Good cyber security laws, applying innovations to match hackers and digital literacy among citizens are all ways to deal with the issue.
    But the government must understand that the country's cyberspace and personal data will never be safe in the hands of irresponsible state agencies and companies.
    Accountability needs to be part of the solution.

  2. #2
    Thailand Expat tomcat's Avatar
    Join Date
    Nov 2005
    Last Online
    @
    Posts
    17,214
    Quote Originally Posted by TTraveler View Post
    State agencies that collect personal data from the public do not seem to have to bear any responsibility for their failure to protect the data
    Quote Originally Posted by TTraveler View Post
    The lack of penalties for database owners for failing to sufficiently protect personal data is the most ignored factor
    Quote Originally Posted by TTraveler View Post
    Accountability needs to be part of the solution.
    ...impunity is a built-in safeguard for the local bureaucracy, political establishment and uniformed personnel...it is generally expressed in Thai culture as mai pen rai...

  3. #3
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,555
    The problem with PDPL's is that there is normally a hefty penalty for breaches and/or failure to notify.

    Which is OK when it's Bangkok Airways or Lazada, but not if it's a government entity.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •