The Council of University Presidents of Thailand (CUPT) on Thursday admitted that the personal information of over 23,000 students who took part in last year's examinations was leaked and sold on the internet by hackers.
The information, which included the students' names, identity card details and grades, was stolen from the Thai University Central Admission System (TCAS) and sold on the dark web, the CUPT said.
The stolen information belongs to students who took part in the third round of university admissions examination, which was held around May last year.
The stolen information is part of 826,250 files in the TCAS database which were entered into a computer system during the third round of examinations.
The files could have been exported in May last year by a university staff member, who was authorised to access such data to rank applicants based on the university's selection criteria, the CUPT said.
Last year's admissions database -- known as TCAS64 -- was shut down in December. This year's version, TCAS65, has been upgraded to ensure students' personal information is better protected.
"CUPT apologises for the impact on personal information. In light of the incident, it is reviewing the database and working procedures with the support of the National Cyber Security Agency [NCSA]," it said.
The council also said it will file a complaint with the police and pursue legal action against anyone involved in the leak.
Gp Capt Amorn Chomchoey, deputy secretary-general of the NCSA, told the Bangkok Post that the leak could have been caused by an error by university staff who carelessly exported the data from the TCAS.