The information of around 106 million visitors to Thailand was accessible to all on the internet, according to cybersecurity research firm Comparitech earlier this week. The database was discovered by Bob Diachenko, one of the company’s researchers on August 22. Thai authorities removed the data the next day, after being alerted by Diachenko.
The 200-gigabyte database contained each visitor’s full name, sex, passport number, residency status, visa type, Thai arrival card number, and date of arrival in Thailand. Dates on the records ranged from 2011 to this year. “We do not know how long the data was exposed prior to being indexed,” Comparitech said. The National Cybersecurity Agency of Thailand confirmed the breach, but said it had not found any attempts to sell the data on the internet. The breach comes at a particularly awkward time for Thailand when it is aiming to gradually reopen to visitors who are vaccinated against COVID-19. Phuket, an island in the south, is its so-called sandbox experiment, having welcomed 35,068 tourists since it fully opened its doors to vaccinated visitors in July.
kr-asia.com
