Data leaks at 2 Thai banks spark call for legal safeguards

BANGKOK • Cyber-security experts have urged the government to quickly strengthen legal safeguards by adding measures to prevent data leaks after the computer systems of two major Thai banks were hacked recently.

According to the Bank of Thailand (BOT) on Wednesday, the computer systems of Kasikornbank (Kbank) and Krungthai Bank (KTB) were compromised in the attacks, affecting the security of the personal and corporate data of more than 120,000 customers.

This has raised concern that cyber criminals could subsequently abuse this data, even though bank executives have claimed that there had been no damage so far.

Mr Paiboon Amonpinyokeat, a legal expert on cyber security, said the incidents at the two major banks were worrying and the potential damage could be worse than money stolen from bank accounts.

According to the central bank, the personal data of about 117,000 customers of KTB applying for personal, housing and other loans was recently hacked, while Kbank reported that the data of about 3,000 corporate customers on its website for online letters was compromised.

KTB president Payong Srivanich said hackers used "advanced hacking techniques" to obtain personal data from 20,000 customers who had applied for credit online.

Mr Payong noted that the bank was able to immediately stop the hacking after its IT division reported suspected data theft.

The two banks reported the cyber attacks over the weekend. Kbank said it detected the irregularity on July 25 and has increased data surveillance and protection.

Mr Paiboon said the government must quickly amend the data protection Bill pending in the National Legislative Assembly to include provisions on data leaks, which are likely to occur more often in an increasingly digital economy and society.

According to Mr Paiboon, the current version of the data protection Bill has no specific provisions on data leaks. During the interim period, he suggested that the BOT announce a code of conduct for banks to comply with basic legal requirements on measures to prevent and respond to data leak incidents, such as requiring operators to report data leaks within 72 hours.

The banking sector is a major area of vulnerability as several Thai banks have heavily promoted the use of online and mobile banking services, resulting in a big jump in the amount of personal and other data online. This has posed a major security challenge to all banks, which will have to invest more on cyber security.

Major Thai banks such as Kbank and Siam Commercial Bank have said they each have more than six million customers on mobile and other online platforms, and fewer customers are using banking services at physical branches.

Cyber-security expert Prinya Hom-anek said the latest incidents should serve as a wake-up call for the authorities to step up efforts to prevent and respond to data leaks, which are now pervasive.

Mr Prinya said there are lessons to be learnt from the latest hacks at the two major banks and the experience and perspectives could be shared among members of the Thai Banking Association.


Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on August 03, 2018, with the headline Data leaks at 2 Thai banks spark call for legal safeguards. Subscribe