123,000 customer data exposed in two Thailand Banks Data Breach

Thailand’s two big banks are the newest victims of a data leak involving 123,000 customer records. This happened on the backdrop of Thailand’s push for more and more cashless transactions. Krungthai Bank (KTB) and Kasikornbank (KBank) have been penetrated that caused people to rethink the next monetary strategy to follow. Initial checks concluded that the hack was caused by someone outside of Thailand. “Data leakage generally can stem from malware, computer viruses, a vulnerability of software during the development process or even user error. Organisations in the spotlight are targeted by cybercriminals,” said Surangkana Wayuparb, CEO, and executive director of Electronic Transaction Development Agency.

On his part, Payong Srivanich, President of KTB has committed to reviewing the data breach carefully and taking all the necessary action. He also confirmed with the customers that no money has been lost during the unfortunate incident. KTB has no plan to increase cybersecurity spending at the wake of the cyber attack. They have boasted a total of 10 billion Thai Baht IT investment for the year 2018 as enough to prevent recurrence of the incident.

The local banking sector of Thailand is now urged to hire the services of ethical hackers to perform penetration testing with the banks’ systems. Penetrating a banking server is a good money making endeavor by the cybercriminals, and they will try to find new ways to bypass early detection. Till now, people in the banking industry have believed that the threats due to inside job are much bigger than any external ones. It takes a lot of knowledge about how to take advantage of any weakness of the banking system, as its core functions are not normally exposed on the Internet. “Inside-to-outside data leaks largely come from former staff, which is a key concern that banks need to monitor,” a bank executive emphasized.

In view of Thailand’s ever increasing demand for cashless transactions, Nakrop Niamnamtham, the managing director of one of Thailand’s biggest cybersecurity firm, nForce Secure Co said: “Overall, there have been investments in cybersecurity in the public and private sectors, as well as the availability of advanced technologies, so products and technology are well-equipped, but cybersecurity. This is similar to having a fully furnished car without airbags to protect the driver if he or she is drunk. In Europe and the US, consumers sue service providers or operators who leak their data, but nothing has been done for the many data leaks in Thailand. If we have laws that create demand for professional cybersecurity staff, this might attract students, while academics should improve the quality of students and not just focus on the salaries students.”

Thailand’s Information Security Authority, headed by Prinya Hom-anek has called for a thorough review of the country’s priority when it comes to cybersecurity of its banking sector. “Regulators should draft cybersecurity legislation for a public hearing with the cybersecurity expert community. Business operators have increased spending on sales and marketing while considering cybersecurity a cost and compliance issue. In fact, if there is an attack, reputation and customer confidence will be ruined, resulting in loss of capital and data recovery. We have to train more vocational school students to be cybersecurity engineers and staff,” Prinya concluded.