NBTC warns AWN on data breach

NBTC warns AWN on data breach

AIS urged to step up security measures

Takorn: Panel found no personal data leak
Takorn: Panel found no personal data leak

The telecom regulator has handed an official warning letter to a subsidiary of Advanced Info Service (AIS), urging it to strictly ensure cybersecurity and data protection after the firm accidentally exposed its database of 8 billion internet records online without a password during a scheduled test earlier this month.

The move comes after Advanced Wireless Network Co (AWN), the operator of AIS's licensed mobile business, was summoned by the National Broadcasting and Telecommunications Commission (NBTC) on Tuesday to explain the incident.

Takorn Tantasith, secretary-general of the NBTC, said on Tuesday that his agency set up a panel on Monday to look into the event.

The panel resolved that no personal customer data was leaked during the scheduled test that could be used to identify any customers or cause financial harm.

According to the panel, the company should connect its system with the Thailand Computer Emergency Response Team (ThaiCert) and the Thailand Banking Computer Emergency Response team (TB-Cert) to ensure data security protection.

Meanwhile, executives from AWN turned up to explain the incident to the regulator.

Sutisak Tantayotin, deputy secretary general of the NBTC, said AWN told the commission that the exposed database was brought up for examination by the firm to study user behaviour to seek ways to improve service.

The company insisted that the database did not contain personal data of users or any electronic transactions by them, only involving website addresses reached by users.

"The mistake happened because staff thought that was the system testing, so they were careless," Mr Sutisak said.

He said the company promised to discipline staff and raise employees' awareness of cybersecurity.

AIS came under fire after the website techcrunch.com on Monday broke a story about the database of 8 billion internet records being left open on the internet without a password earlier this month.

Security researcher Justin Paine said the database was secured on May 22, one day after he notified ThaiCert about the findings.

The database was first observed as exposed and publicly assessable on May 1, he said.

He started to contact AIS about the open database on May 13, but attempts to contact the firm were unsuccessful. He said he then decided to alert ThaiCert, which subsequently contacted AIS to have the database secured.

AIS on Monday issued a statement saying only non-critical information was exposed online during its scheduled test this month -- not personal information from customers.

Meanwhile, the House committee on communications, telecommunications and digital economy and society said it would call in representatives of AIS, the NBTC, the Digital Economy and Society Ministry and relevant agencies to explain the incident.

"They will also be asked about their preparation for incidents that could happen in the future," said Col Settapong Malisuwan, the committee's vice-chairman.

He said the data leak demonstrates flaws in the security system, which could potentially affect the public.


Do you like the content of this article?
COMMENT (9)

French bus driver dies after attack over mask-wearing rules

BAYONNE, France: A French bus driver who was badly beaten by passengers after asking them to wear face masks in line with coronavirus rules has died, his family said, sparking tributes from political leaders who condemned his "cowardly" attackers.

11:45

Two Ferraris go sunbathing in Thailand

Cavallino Motors has rounded off its aggressive new-car offensive this year with a pair of roadsters.

09:38

Support slips

Singapore's long-ruling party retained power but its support fell sharply, while the opposition made gains, in a general election held under the shadow of a virus outbreak.

08:37