Resecurity, a California-based cybersecurity company protecting Fortune 500, has identified disclosed stolen PII to Thailand’s Department of Medical Sciences containing information on citizens with symptoms of COVID-19. The incident was discovered and shared with Thai CERT.
The data was put up for sale on several Dark Web marketplaces and was available for later purchase through a Telegram channel created by the bad actors.
Based on the acquired samples and additional information related to the security incident, the malicious actors were able to gain unauthorized access to the government portal allowing them to illegally manage users and records.
The access was possible due to an active SQL injection vulnerability in an authorization module of the web application used for online surveys.
At the time of breach identification, malicious actors could have accessed at least 5,151 detailed records with a potential exposure of 15,000 in total.
Thailand is not the only region where cybercriminals seek personal and medical data. Most health services in Thailand are available digitally to citizens, which is why they are always an attractive target for cyber espionage groups and other Dark Web actors collecting information for malicious purposes, an example is to use the stolen data for further identity theft. This year, similar incidents have occurred in Indonesia and India, resulting in the theft of COVID-19 patient records.
Resecurity has shared the exposed leaked data with relevant authorities and law enforcement agencies to ensure that affected citizens will be protected under Thailand’s privacy laws and data protection regulations.
To avoid becoming a victim of identity theft, subscribe to Security Identity Protection (IDP), a mobile app and an interactive web service with a dashboard for continuous 24/7 protection. Resecurity enables Dark Web monitoring, credential leak detection, and timely alerts on other identified threats targeting your person online.