The Personal Data Protection Committee (PDPC) office has asked 15 public organisations which have huge amounts of personal data to re-assess their risks, and will set up a joint committee to boost their security systems, said the committee's secretary-general Siwaruk Siwamogsatham.
The PDPC was founded to oversee personal data protection under the Personal Data Protection Act.
The move came after a hacker named "9Near" posted on BreachForum -- a website where personal data leaked from state agencies and private companies is sold and bought -- that he had obtained the personal data of 55 million Thais, including names, surnames, addresses, birthdates, ID card numbers and telephone numbers.
The hacker also announced on the website 9near.org that any organisations that thought the information had leaked from it needed to contact 9Near by April 5 at 4pm, otherwise they would reveal where the information had been leaked from and release all the information to the public.
9Near also posted 200 samples of such leaked data, which included those of news anchor Sorayuth Suthassanachinda and Prinya Hom-anek, a member of the National Cybersecurity Committee.
On April 2, 9Near said via the Telegram chat application that the operation to release the data had been cancelled due to a conflict among its sponsors.
Mr Siwaruk added that the authorities are still investigating the case and that citizens have the right under the Personal Data Protection Act to sue the hackers and the organisations that leak their data.
He said this case was like "a drill" for the country on cybersecurity and that all the stakeholders should learn from its impact.
He added that one state agency was doubtful whether it had been attacked by 9Near but he declined to name the organisation, which is still probing the case with the PDPC experts.
He also warned people that they would breach the personal data protection law if they downloaded the leaked data.
AVM Amorn Chomchoey, secretary-general of National Cyber Security Agency (NCSA), said the information technology systems of several state agencies were under attack and there were data leaks, so they had to urgently coordinate with one another to tackle the issues.
A source familiar with the probe claimed the data leakage in the 9Near case seemed to be related to a vaccination registration system.
Meanwhile, Mr Prinya, one of the 9Near victims, urged both the NCSA and the PDPC to bolster the country's security systems by conducting an assessment of cybersecurity risks.
"Data leakage is a common global issue and it's hard to prevent 100% but it is every stakeholder's responsibility," he added.
Mr Prinya advised the victims of the personal data leakage to change their mobile phone numbers tied with financial transaction services and social media accounts in order to avoid misuse of their data. Citizens also needed to use privacy settings on their mobile banking apps to minimise their risk.
Meanwhile, the Digital Economy and Society Minister Chaiwut Thanakamanusorn said his ministry was probing the 9Near case and was taking care of the victims.