// AFP PHOTO
// AFP PHOTO

Govt urged to push legal measures on data leaks

national August 02, 2018 01:00

By ASINA PORNWASIN
THE NATION

8,027 Viewed

Hacking of two banks’ computer systems seen as an urgent wakeup call.



CYBERSECURITY experts have urged the government to quickly strengthen legal safeguards by adding measures to prevent data leaks after the computer systems of two major Thai banks were hacked recently.

According to the Bank of Thailand (BOT), the computer systems of Kasikornbank and Krung Thai Bank were compromised in the attack, affecting the security of personal and corporate data of more than 120,000 customers.

This has raised concern that cybercriminals could subsequently abuse this data, even though bank executives have claimed that there had been no damage so far.

Paiboon Amonpinyokeat, a legal expert on cybersecurity, said the incidents at the two major banks were worrying and the potential damage could be worse than money stolen from bank accounts.

According to the central bank, the personal data of about 117,000 customers of Krung Thai Bank applying for personal, housing and other loans were recently hacked, while Kasikornbank reported that the data of about 3,000 corporate customers on its website for online letters was compromised.

Paiboon said the government must quickly amend the data protection bill pending in the National Legislative Assembly to include provisions on data leaks, which are likely to occur more often in an increasingly digital economy and society.

Banking service is a major area of vulnerability as several Thai banks have heavily promoted the use of online and mobile banking services, resulting in a big jump in the amount of personal and other data online.

This has posed a major security challenge to all banks, who will have to invest more for cybersecurity.

According to Paiboon, the current version of the data protection bill has no specific provisions on data leaks. During the interim period, he suggested that the BOT announce a code of conduct for banks to comply with basic legal requirements on measures to prevent and respond to data leak incidents. The code of conduct can be modelled on the National Broadcasting and Telecom Commission (NBTC)’s regulations on data leaks, which currently require operators to report data leaks within 72 hours, among others.

Another cybersecurity expert, Prinya Hom-anek, said the latest incidents should serve as a wake-up call for authorities to step up efforts to prevent and respond to data leaks, which are now pervasive.

Since data protection cannot be 100 per cent secure, authorities should also focus on how best to respond to data leaks. Today, even top institutions such as Nasa or the White House in the United States cannot expect 100 per cent data protection, he said.

In the Thai context, Prinya said there are lessons to be learned from the latest hacks at the two major banks and the experience and perspectives could be shared among members of the Thai Banking Association.

Major Thai banks such as Kasikornbank and Siam Commercial Bank have said they each have more than 6-7 million customers on mobile and other online platforms and fewer customers are using banking services at physical branches.

Paiboon said Thai banks have not been able to keep up with the security challenges of the huge number of their customers moving to the online and mobile platforms.

He said all personal data were sensitive and their leaks to unauthorised persons could be damaging so the government needed to quickly introduce appropriate legal safeguards.