The worst data breaches and hacks in the ASEAN region
Being one of the fastest growing digital economies in the world, the ASEAN region has become a hotspot for cyberattacks.
According to AT Kearney’s report on cybersecurity, ASEAN countries are being used as launchpads for cyberattacks, either as vulnerable hotbeds of unsecured infrastructures where numerous computers can be infected easily for large-scale attacks, or as centres for a single point of attack to gain access to the hubs’ global connections.Read more ↓
Malaysia, Indonesia and Vietnam are global operational bases for major blocked suspicious web activities–up to 3.5 times the standard ratio, making them hubs for hackers to launch malware attacks, the report found.
Cyber-attacks and data breaches have been ranked as the fourth and fifth most serious risks facing the world today by the World Economic Forum 2019 global risk report.
The policy preparedness to strengthen cybersecurity in ASEAN region is still nascent, with a lack of institutional oversight and low levels of spending to fortify digital economies.
Here is a quick look at some of the worst data breach incidents in the ASEAN region during the past few years, which depicts why emphasis must be laid on cybersecurity.
Thailand and Vietnam, March 2019: Toyota suffers a chain of data breaches
In March, Japan’s Toyota Motor Corporation revealed that unauthorised access had been detected on servers at its subsidiaries in Thailand and Vietnam.
On its Thai website, Toyota issued a notice stating that the company was “aware of a possibility that some of Toyota’s entities in Thailand were targeted by a cyberattack and that some of its customer data may have been potentially accessed. While we have no evidence of customer information loss at this moment, details are currently under investigation, and we intend to share further specifics, if any, as soon as details are available.”
The company published a similar notice on its Vietnamese website and to date there are no further details as which personal data might have been breached and how many customers might have been affected.
But the worst attack came on March 21, when personal information belonging to 3.1 million clients was exposed as a result of a data breach in its sales offices in Japan. The exposed data included names, addresses, dates of birth, occupation and other information. The company said that payment card information was not exposed.
Philippines, January 2019: Cebuana’s marketing server breached
More than 900,000 clients of Philippine-based pawnshop Cebuana Lhuillier were affected by a data breach on 19 January. According to the financial institution, the figure represents only 3 percent of its total clients.
Cebuana Lhuillier, popularly known as Cebuana, is the leading non-banking financial services firm in the country which provides microloans, pawn-broking, money remittance, bills payments and business-to-business solutions.
On the official statement released by Cebuana it was revealed that customers’ compromised information included date of birth, addresses and source of income. It also said that transaction details were not compromised and that the company’s main servers remained “safe and protected”.
Singapore, January 2019: second health data breach in six months
A few months ago, confidential information belonging to 14,200 people diagnosed with HIV was stolen and leaked online in Singapore.
According to a statement published by the country’s Ministry of Health (MOH), the compromised personal data included names, contact details, HIV test results and other medical information of some 5,400 Singaporeans and 8,800 foreigners dating up to January 2013.
The name, identification number, phone number and address of 2,400 individuals identified through contact tracing up to May 2007 were also included.
According to the MOH statement, “while access to the confidential information has been disabled, it is still in the possession of the unauthorized person, and could still be publicly disclosed in the future.”
Singapore, July 2018: the city-state suffers its largest data breach
Last year, Singapore was subject to the largest data breach in its history with 1.5 million patients to SingHealth’s specialist outpatient clinics affected by it, including Prime Minister Lee Hsien Loong and several ministers.
Personal information stolen included names, National Registration Identity Card numbers, addresses, gender and dates of birth. 160,000 patients had details related to outpatient dispensed medicines as well.
Philippines, May 2018: Wendy’s asked to take preventive measures against data breaches
The National Privacy Commission of Philippines (NPC) emitted cautionary warnings after Wendy’s, a US fast-food chain with operations in the Philippines, was subject to a data breach earlier in 2018. Over 80,000 records, including users’ personal data, were exposed following infiltration by hackers of Wendy’s Philippines website.
The NPC reported that around 82,150 records of customers and job applicants including names, addresses, passwords, payment method and transaction details were compromised in the leak.
In relation to the case, the NPC issued an order addressed to Wendy’s in Philippines to inform users affected by the data breach. The document, which the NPC released on May 2, gave a 72-hour extension for the fast-food chain company to comply…….Read more>>