A major data breach involving Bangchak Corporation Public Company Limited is being swiftly investigated by Thailand's Personal Data Protection Committee (PDPC). The company stated that unauthorised access to its customer feedback system had affected roughly 6.5 million records.
A statement posted on the PDPC Thailand Facebook page on April 11 claims that Bangchak discovered the breach on April 9 and acted right away to secure the compromised systems and prevent unauthorised access. The portal from which the hacked data originated was used to gather customer input.
The PDPC has directed Bangchak to conduct an extensive internal investigation and submit a comprehensive report outlining the nature of the exposed data, the impact on consumers, the root cause of the breach, and a risk assessment. The agency is also investigating whether there was a violation of Thailand's Personal Data Protection Act (PDPA), which might result in legal action if noncompliance is discovered.
In response to the breach, Bangchak delivered SMS alerts to affected customers. The company declared that no sensitive personal or financial information was compromised. However, it advised users not to click on strange links or share their OTP (One-Time Password) tokens with others, which is a typical practice in phishing and fraud schemes.
The PDPC stressed the necessity of following data protection rules and taking proactive measures to avoid similar incidents in the future.
Prevention tips
Set security guidelines: Security protocols must include the cybersecurity policies and processes necessary to safeguard sensitive company data. One of the most effective strategies to prevent data theft is to establish processes that ensure unauthorised persons do not have access to data. Only authorised personnel should be able to view sensitive information. Businesses should have a thorough grasp of the data that could be compromised in order to minimise the risk of a cybersecurity attack.
Implement password protection: One of the most effective things a small business can do to protect itself from a data breach is to use strong passwords for all sites visited on a daily basis. Strong passwords should be unique for each account and include a mix of letters, numbers, and symbols. Furthermore, passwords should never be shared with coworkers or written down where others can see them.
Update security software: Employing firewalls, anti-virus software, and anti-spyware applications can help businesses make sure that hackers can't just access confidential information. To maintain these security programs free of vulnerabilities, they also need to be updated on a regular basis. To find out about impending security patches and other updates, visit the websites of any software suppliers.