Resecurity, a California-based cybersecurity company protecting Fortune 500, has identified leaked PII stolen from Thailand’s Department of Medical Sciences containing information about citizens with COVID-19 symptoms. The incident was uncovered last week and shared with Thai CERT.
The data was put for sale on several Dark Web marketplaces and was available for further purchase via a Telegram channel created by the bad actors.
Based on the acquired samples and additional insights related to the security incident, the bad actors were able to gain unauthorized access to the government portal allowing them to manage users and records illegally.
“According to the actors, they were able to steal sensitive and personal information including but not limited to last name, first name, sex, age, contact details, medical history, and related local healthcare identifiers” reads the post published by Resecurity
The access was possible due to an active SQL injection vulnerability in an authorization module of the WEB-app used for online surveys.
At the time of breach identification, the bad actors could have accessed at least 5,151 detailed records with potential exposure of 15,000 in total.
Thailand is not the only region where cybercriminals hunt for personal and medical data. Most healthcare services in Thailand are available in digital form for citizens, that’s why they’re always an attractive target for cyberespionage groups, and other Dark Web actors collecting information for malicious purposes, one example is to use the stolen data for further identity theft. This year similar incidents occurred in Indonesia and India leading to the theft of COVID-19 patient records.
Resecurity has timely shared the exposed leaked data with the relevant authorities and law enforcement to ensure the affected citizens will be protected in the scope of the existing privacy laws and data protection regulations in Thailand.
To prevent yourself from being a victim of identity theft – subscribe to Resecurity® Identity Protection (IDP), a mobile app and interactive WEB-service featuring a dashboard for continuous 24/7 protection. Resecurity® enables Dark Web monitoring, leaked credentials detection, and timely alerts about other identified threats targeting your persona online.
Resecurity has shared additional details in this blog post:
(SecurityAffairs – hacking, COVID-19)