BANGKOK — The government on Friday ordered internet service providers to block access to a website that threatened to reveal personal data of 55 million Thai citizens.
A hacker, who goes by the pseudonym of 9Near, said on their website they would release all the data to the public, as well as exposing the name of the government agency the data was stolen from and its security vulnerabilities, unless the agency reaches out to them by next Wednesday.
“Almost election, decide wisely,” the now-blocked website wrote. “We are not kidding.”
Digital economy minister Chaiwut Thanakamanusorn said he does not believe the threat is credible and ordered authorities to arrest the hacker.
“No government agencies would have that much data since 55 million is almost the entire population,” Chaiwut said. “We are investigating where the data breach happened and how much data was leaked. We believe the hacker is someone living in Thailand and we will swiftly track them down.”
The minister said the data might have been stolen from the public or private sector and contained no sensitive information such as medical records.
NameSilo, a U.S.-based web hosting service, and Thai internet service providers were also instructed to block access to the website, he said, which is now inaccessible to most internet users in Thailand as of Friday evening. Users who attempted to access the website would be redirected to a government notice saying the content has been suspended due to cybercrimes.
The leak was discovered on Mar. 15 by cybersecurity page ExploitWareLabs, who posted a screenshot of a post by 9Near on Breach Forum, where they put on sale personal records of 55 million Thai citizens containing ID numbers, dates of birth, addresses, and phone numbers obtained “somewhere in government.”
The hacker, whose profile picture features an orange inverted triangle resembling the logo of the Move Forward Party, listed no price on the post, but potential buyers could choose to buy the whole dataset, partial dataset, or even data on a specific person in cryptocurrency.
Several TV personalities such as celeb news reader Sorayuth Suthassanachinda and Thairath TV anchorman Phakphoom Phansatit also reported Thursday they had received a SMS containing their personal information and a link to 9Near’s website.
Digital economy minister Chaiwut warned those who illegally break into computer systems and access protected data are punishable under the Computer Crime Act and Personal Data Protection Act. The former carries a maximum penalty of five years in prison.