BANGKOK (Reuters) – Thailand’s iTruemart, a unit of mobile phone operator True Corp Plc, said on Saturday it has fixed a data leak that led to information on some of its customers, including their ID and passport data, becoming public.
The files of customers buying “TrueMove H” mobile packages had been ‘hacked’, it said in a statement following reports of the leak.
It was the first known instance of a major data leak from a mobile operator in Thailand.
Niall Merrigan, a Norway-based security researcher, detailed on his personal blog on Friday that he was able to access 32 gigabytes of True’s customer data, including identification cards and passports.
Merrigan told Reuters the data was “public facing” and that he notified True of the leak in March.
The company said it would alert the customers affected by the hacking on measures it is taking to protect their data. It did not say how many customers or data files had been affected.
Thailand’s National Broadcasting and Telecommunications Commission (NBTC) asked the company to clarify the matter on Tuesday before taking any action, Secretary-General Takorn Tantasith said on Saturday.
True Corp is Thailand’s second biggest mobile operator and a flagship company of billionaire Dhanin Chearavanont’s Charoen Pokphand Group.
Reporting by Chayut Setboonsarng; additional reporting by Papitcha Tanakasempipat; Editing by Clelia Oziel