23,000 Thai students’ data up for sale on the dark web

The university presidents’ council said this morning that the security of its central admissions system has been upgraded after the personal data of around 23,000 students was advertised for sale on the dark web. 

The university presidents’ council insisted that the leaked admissions data, which included personal information and examination results, was only current through last May after anger erupted over the data breach. #BanTCAS was surging on Thai Twitter this morning in reference to the Thai University Central Admission System, or TCAS.

“The TCAS2022 system has been changed to a new model with an improved website where sensitive file data is stored in a private format that cannot be directly accessed,” the council statement read.

Acknowledging that the data had been left in the open, an institutional shortcoming of Thailand’s unsophisticated IT security, it said user data was now only available upon request for a limited period. 

The data was listed for sale in an online marketplace for leaks. The data set includes student’s full names, identification numbers, and examination results. It also included codes indicating their priority, application ID, ranking, and unspecified scores.

“Selling Data ID Card Number Thailand 23k [mytcas.com],” read the forum entry posted Tuesday. It was still available as of late Thursday morning. 

“The ID card number came out like this. How will you be responsible? …  I told you before, just an apology isn’t enough. This is so ineffective. Do you dare to do anything else?,” LostinRun tweeted along with #BanTCAS.

The admissions system said that the records were only a fraction of its more than 826,000 records, but did apologize for the breach and said it would file a complaint with the police and the IT ministry.

Unencrypted, insecure data repositories have resulted in a steady stream of breaches that have disclosed the personal information of travelers, immigrants, and citizens alike across all government sectors.

Just last June, a website for foreign nationals to register for vaccination began coughing up their private data. Records of travelers seeking to enter Thailand late last year were also accessible with little effort.

Related

Vaccine site for foreigners in Thailand spills names, passport numbers | Coconuts



Reader Interactions

Leave A Reply


BECOME A COCO+ MEMBER

Support local news and join a community of like-minded
“Coconauts” across Southeast Asia and Hong Kong.

Join Now
Coconuts TV
Our latest and greatest original videos
Subscribe on