Executives of True Corporation, Thailand’s second largest mobile phone operator, reported to the Office of the National Broadcasting and Telecommunications Commission (NBTC) on Tuesday in relation to the recent leak of customers’ personal information.
The NBTC had asked that True provide a clarification on the matter today, the first working day after the Songkran holiday.
Meanwhile, following the leak the telecoms regulator is requesting cooperation from the country’s five main mobile operators to clearly outline and further strengthen their data protection measures, NBTC secretary-general Takorn Tantasith told reporters.
The NBTC will also now aim to build its own data centre to store customer information, Takorn said, instead of just having the private sector keep track of their own customer databases.
Seubsakol Sakolsatayadorn, managing director of Ascend Commerce which is True Corp’s digital unit, told reporters on Tuesday that stored copies of identity cards belonging to 11,400 customers who purchased TrueMove H mobile packages from True’s e-commerce platform iTruemart had been hacked using three special tools.
The data breach was first discovered by Norway-based security researcher Niall Merrigan, who detailed on his personal blog last Friday that he had come across 32 gigabytes of the company’s data in online cloud storage and that it was not encrypted.
Merrigan criticized the slow response from True in dealing with the issue, saying he had first notified the telecoms provider of the leak in March. It was not until 12 April that the data was restricted.
Pakpong Pattanamas, a deputy director for True’s mobile unit, said the company had sent out an SMS and email to the 11,400 affected customers in which it provided updates on security measures taken to fix the issue. The company has also said it would prevent any fraudulent use of the data made public by filing a police complaint on behalf of the 11,400 customers.