Until this morning, senior citizen residents of Bangkok’s Bang Khun Thian could just go to the district office website to find out if they were eligible to receive social security benefits.
There they might have been surprised to find their names, ID numbers, birthdays, banks and bank account numbers listed along with those of more than 2,000 others in a publicly accessible spreadsheet.
The records, the latest in a series of cases of sensitive data mishandled by a government agency, were posted by the district’s welfare department, a representative of which acknowledged the problem Tuesday morning.
“We intended to make it more convenient for people who can’t come to check at the district office,” department chief Piyathida Niyom said. “We’ve known about it since this morning, and we are taking it down.”
As of Tuesday afternoon, the file remained publicly available on the district’s site. According to the list, it contains the names of senior citizens eligible for benefits in 2017 and was last updated Dec. 28.
Locating vulnerable data has become a pursuit of online activists eager to point out vulnerabilities and insecurities in government-run sites since the military government made moves to channel all net traffic through a single point of control – and possible failures.
In March, personal details from the immigration bureau about hundreds of expats in a southern province were discovered online.
Since late last year, personal information has been leaked online in a series of incidents by hacker activists, who claimed to have taken it from vulnerable government systems.
The seniors’ records were first publicized Monday afternoon by Twitter user @bodin.
“Thank you Bangkok Metropolitan Administration,” @bodin tweeted. “It’s all leaked – IDs, birthdays, bank account numbers. The only thing missing is their passwords for internet banking.”
In a move unlikely to satisfy privacy expectations, Piyathida said her office would replace the database with records containing only names and addresses. Those eligible for benefits would need to call the office and confirm their bank account details, she said.