{
	"id": "9932f6a1-73f4-4c48-bd47-39c486462e9a",
	"created_at": "2026-04-11T02:23:03.444989Z",
	"updated_at": "2026-04-11T02:24:15.52719Z",
	"deleted_at": null,
	"sha1_hash": "97df843e3a97ab4b2bed823308a97c3d491908c3",
	"title": "Recent cyberattacks put Thai citizens' privacy and data security at greater risk - DataBreaches.Net",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 465069,
	"plain_text": "Recent cyberattacks put Thai citizens' privacy and data security at\r\ngreater risk - DataBreaches.Net\r\nPublished: 2022-07-22 · Archived: 2026-04-11 02:08:07 UTC\r\nImage: Source\r\nIn December of 2021, Thailand’s National Cyber Security Agency launched after being delayed by the COVID-19\r\npandemic. In February, it announced that it intended to roll out 40 subordinate regulations of the Cybersecurity\r\nAct this year to strengthen the country’s systems. It sounds like an ambitious — but badly needed — update.\r\nFor the past few years, DataBreaches has been reporting on breaches in Thailand, but it has not always been clear\r\nto what extent the breached entities have fully disclosed their breaches to individuals whose personal or sensitive\r\ninformation may have been caught up in a breach.\r\nIn its analysis of global breach notification laws, DLA Piper summarized the current breach notification\r\nobligations in Thailand this way:\r\nIn the event of a data breach, Data Controllers must report the breach to the Regulator without undue\r\ndelay, and in any event, if feasible, within 72 hours of becoming aware of it. Data Controllers also have\r\nan obligation to notify the data subjects of the breach and the remedial measures if the breach is likely\r\nto result in high risks to the rights and freedoms of individuals.\r\nOf course, not all incidents result in high risk even if they sound dreadful. In August of 2021, Bob Diachenko\r\ndiscovered the records of 106 million travelers to Thailand were exposed due to a misconfiguration. The exposed\r\ndatabase contained each visitor’s full name, sex, passport number, residency status, visa type, Thai arrival card\r\nnumber, and date of arrival in Thailand. The National Cybersecurity Agency confirmed the leak, but said it had\r\nfound no evidence of any data up for sale and no evidence that the exposed data had been accessed by any\r\nunauthorized parties.\r\nThat was the third leak in as many months. In June, a local blogger had reported that the Bangkok immigration\r\nsite was leaking passport number, nationality, date of birth, email, telephone number, and visa expiration date. And\r\nhttps://www.databreaches.net/recent-cyberattacks-put-thai-citizens-privacy-and-data-security-at-greater-risk/\r\nPage 1 of 3\n\na Covid vaccination site set up for vaccine registration, Thailandintervac.com, was found to be leaking names,\r\npassport numbers and locations, and there were reports that people could edit other people’s information.\r\nBut in addition to leaks, there were actual cyberattacks.  In August 2021, Bangkok Airways revealed it had been\r\nthe victim of a cyberattack that accessed passengers’ names, nationalities, genders, phone numbers, emails,\r\naddresses, contact information, passport information, historical travel information, partial credit card information\r\nand special meal information. That attack appeared to be the work of LockBit.\r\nYet other incidents have also put Thai people at increased risk, especially when groups like ALTDOS and\r\nDESORDEN start giving away data freely on popular hacking forums.\r\nIn August 2021, Catalin Cimpanu compiled government advisories and incident reports by DataBreaches on threat\r\nactors called ALTDOS, describing the group as wreaking havoc across Southeast Asia, including Thai entities. But\r\nit wasn’t just ALTDOS wreaking havoc. In October 2021, DESORDEN hit Centara Hotel Group and Central\r\nRestaurant Group. In that case, the entities did issue public statements about the breach, but whether they ever sent\r\nindividually mailed notifications to guests or any employees affected is not known to DataBreaches.\r\nIn the past week, DataBreaches became aware of two more breaches that put Thai people at increased risk. The\r\nfirst was a breach of Mistine Better Way Thailand by DESORDEN. As reported previously on this site,\r\nDESORDEN claimed to have acquired 180 GB of data and 60 GB of files, including about 20 million records\r\nwith information on customers and representatives.\r\nIn reporting on the Mistine incident, DataBreaches provided a screenshot from one of the databases DESORDEN\r\nshared with this site. That database included employees’ first and last names, their password, and their display\r\nname. Other fields in that database, not viewable in the screencap, included the employees’ addresses and mobile\r\ntelephone numbers.\r\nDESORDEN subsequently posted data from the breach as a free sample on a popular hacking forum.\r\nDESORDEN gave away data allegedly from MISTINE on a popular hacking forum. Whether they\r\nwill sell or give away more data is as yet unclear. Image redacted by DataBreaches.net.\r\nTo date, Mistine has not responded to multiple inquiries by DataBreaches asking them to confirm or comment on\r\nthe breach.  There is no notice on their web site and no notice on their Twitter account. DataBreaches can find no\r\npress releases or media coverage from Thailand about the claimed hack.\r\nHas MISTINE reported the breach to the regulator, as would appear to be required? DataBreaches does not now.\r\nhttps://www.databreaches.net/recent-cyberattacks-put-thai-citizens-privacy-and-data-security-at-greater-risk/\r\nPage 2 of 3\n\nBut the DESORDEN breach and leak is not the only concern for Thai citizens this week. Another individual also\r\nprovided a free sample of data, but these data are from what is described as a database of 30 million Thai people.\r\nThe data fields include:\r\n“id”,”name”,”phone_no”,”addr”,”id_card”,”m_s”,”birth”, and “gender:”\r\nAnother listing by a different party on a popular hacking forum. In this case, the individual has\r\nindicated that the data are for sale. Image redacted by DataBreaches.net.\r\nDataBreaches is attempting to get more details about this second breach, but notes that both this database and the\r\nDESORDEN data have mobile phone numbers, which suggests that the two databases might contain a number of\r\noverlapping individuals for whom more complete dossiers could now be compiled.\r\nSince DataBreaches does not yet know the source of the second data leak, this site does not know whether that\r\nentity is already aware of any leak or breach or if they have notified any regulator or notified any consumers.\r\nDataBreaches has sent inquiries to both THAI-CERT and Thailand’s NCSA to seek information about the\r\ngovernment’s awareness of these latest breaches and to inquire what the government is doing. No replies have\r\nbeen received as yet.\r\nSource: https://www.databreaches.net/recent-cyberattacks-put-thai-citizens-privacy-and-data-security-at-greater-risk/\r\nhttps://www.databreaches.net/recent-cyberattacks-put-thai-citizens-privacy-and-data-security-at-greater-risk/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.databreaches.net/recent-cyberattacks-put-thai-citizens-privacy-and-data-security-at-greater-risk/"
	],
	"report_names": [
		"recent-cyberattacks-put-thai-citizens-privacy-and-data-security-at-greater-risk"
	],
	"threat_actors": [],
	"ts_created_at": 1775874183,
	"ts_updated_at": 1775874255,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/97df843e3a97ab4b2bed823308a97c3d491908c3.pdf",
		"text": "https://archive.orkl.eu/97df843e3a97ab4b2bed823308a97c3d491908c3.txt",
		"img": "https://archive.orkl.eu/97df843e3a97ab4b2bed823308a97c3d491908c3.jpg"
	}
}