An investigation panel was formed yesterday by the national telecom regulator to examine the causes of a customer data breach perpetrated by an Advanced Info Service (AIS) employee.
The panel is expected to report within the next 30 days, said Takorn Tantasith, secretary-general of the National Broadcasting and Telecommunications Commission (NBTC). The regulator will pass its findings on to the police for further investigation.
"If we find that AIS was involved in leaking the customer's call data record, AIS's mobile operating licence will be revoked immediately in accordance with Section 66 of the Telecom Business Act," said Mr Takorn.
Section 74 of the act also stipulates that wrongdoers are subject to imprisonment of up to two years for violating the standards for the protection of customers' personal information.
The investigation panel, comprised five NBTC commissioners, is chaired by deputy secretary-general Korkij Danchaivichit.
The move by the NBTC yesterday was in response to a message posted Monday night on community website pantip.com by an AIS customer who said her call data record (including the user's locations and incoming and outgoing calls) had been stolen.
AIS on Tuesday announced in an online statement that it had dismissed the employee for leaking the customer's call data record, noting the data leak violated the company's policy on clients' privacy and safety.
Mr Takorn said the NBTC will discuss the internal fraud case with AIS representatives on Monday to gather more information before coming to a conclusion.
AIS senior vice-president Wilai Kiangpradoo insisted the company has put in place security measures to protect customers' personal data and freedom of communications.
Strict penalties have been imposed for wrongdoers, she said.
Mrs Wilai added that AIS is boosting its information security protection measures in order to avoid such incidents in the future.
A double password system and a closed work environment, including restricted areas for mobile phones and USB flash drives, will be implemented to ensure a higher level of security and protect customers' data from being accessible to unauthorised employees.