The Thailand Consumers Council is urging the Department of Older Persons (DOP) to take action and inform 19.7 million of its members that their personal data is being sold on the dark web.
The council has asked the DOP to advise its members about the risks they face and develop measures to ensure the security of their data.
Supinya Klangnarong, chairwoman of the Thailand Consumers Council's subcommittee on Telecoms and ICT, said on Saturday the DOP should admit the data leak occurred and notify the owners to allow them to prepare for any potential risks.
According to a Jan 22 report by Resecurity -- an American private cybersecurity company -- 19,718,687 rows of personally identifiable information (PII), including names, addresses, phone numbers, ID numbers, emails, signatures and ID card photos of Thai citizens were found on the dark web.
The report said the data was leaked from the DOP.
Ms Supinya expressed her concerns about the leak.
Delays in taking action and problems around a lack of strict enforcement exist, despite the existence of the Personal Data Protection Act (PDPA), she said.
She also mentioned the elderly's lack of knowledge about modern technology, suggesting the government must develop digital functions that are suitable for them.
That could include the option to hold money transfers on the PromptPay payment system for 15 or 30 minutes before the transactions are processed, which will allow them some time to check their transactions and make sure they are not being scammed.
The government should regularly distribute updates to the elderly, with warnings and tips on how they can stay secure online, Ms Supinya said.
Meanwhile, Minister of Social Development and Human Security Varawut Silpa-archa said the actual amount of leaked data is less than that which has been reported in the news.
"As the minister, I want to express my sincere apologies," he said.
The ministry has worked with various parties, including the Office of the Personal Data Protection Committee and National Cyber Security Agency, to review cyber security measures to safeguard citizens' data, he said.
The DOP has filed a complaint about the matter with the Cyber Investigation Bureau (CIB).