The biggest data breaches in the ASEAN region.
With its dynamic position as one of the fastest growing digital economies in the world, the ASEAN region has become a prime target for cyberattacks.
According to AT Kearney’s report “Cybersecurity in ASEAN: An Urgent Call to Action”, ASEAN countries are being used as launchpads for cyberattacks, either as vulnerable hotbeds of unsecured infrastructures where numerous computers can be infected easily for large-scale attacks, or as centres for a single point of attack to gain access to the hubs’ global connections.
The report also found out that Malaysia, Indonesia and Vietnam are global operational bases for major blocked suspicious web activities, up to 3.5 times the standard ratio, making them hubs for hackers to launch malware attacks.
The World Economic Forum 2019 global risk report has named cyber-attacks and data breaches as the fourth and fifth most serious risks facing the world today. It’s the second year in a row in which these threats have been present in the top five list of risks.
Aware of the threat that cyberattacks are posing to the region, last September the 10 members of the ASEAN bloc agreed to 11 voluntary, non-binding norms of responsible behaviour to strengthen cybersecurity.
These norms had been proposed by the United Nations in 2015 and include proposals for individual states to not knowingly allow their territory to be used neither to commit “wrongful acts using information and communications technology” nor to damage critical technological infrastructure.
Below we have compiled a list of the most serious data breach incidents in the ASEAN region during the past few years.
Thailand and Vietnam, March 2019: Toyota suffers a chain of data breaches
In mid-March, Japan’s Toyota Motor Corporation revealed that unauthorised access had been detected on servers at its subsidiaries in Thailand and Vietnam.
On its Thai website, Toyota issued a notice stating that the company was “aware of a possibility that some of Toyota’s entities in Thailand were targeted by a cyberattack and that some of its customer data may have been potentially accessed. While we have no evidence of customer information loss at this moment, details are currently under investigation, and we intend to share further specifics, if any, as soon as details are available.”
Philippines, January 2019: Cebuana’s marketing server breached
More than 900,000 clients of Philippine-based pawnshop Cebuana Lhuillier were affected by a data breach on 19 January. According to the financial institution, the figure represents only 3% of its total clientele.
Cebuana Lhuillier, popularly known as Cebuana, is the leading and largest non-banking financial services firm in the country which provides microloans, pawn-broking, money remittance, bills payments and business-to-business solutions.
Singapore, January 2019: second health data breach in six months
This week it was revealed that confidential information belonging to 14,200 people diagnosed with HIV was stolen and leaked online in Singapore.
According to a statement published by the country’s Ministry of Health (MOH), the compromised personal data included names, contact details (phone number and address), HIV test results and other medical information of some 5,400 Singaporeans and 8,800 foreigners dating up to January 2013.
Singapore, July 2018: the city-state suffers its largest data breach
Last summer Singapore was subject to the largest data breach in its history with 1.5 million patients to SingHealth’s specialist outpatient clinics affected by it, including Prime Minister Lee Hsien Loong and several ministers.
Personal information stolen included names, National Registration Identity Card numbers, addresses, gender and dates of birth. 160,000 patients had details related to outpatient dispensed medicines as well.
Philippines, May 2018: Wendy’s and Jollibee asked to take preventive measures against data breaches
Last May the National Privacy Commission of Philippines (NPC) gave popular fast-food chain Jollibee Foods Corporation (JFC) 10 days to come up with a plan to rehabilitate the vulnerabilities in its website, which could expose the data of millions of customers in the case of a breach.
In addition to this, the NPC also ordered Jollibee to “employ privacy by design” in re-engineering JFC Group’s data infrastructure. The food chain will also need to conduct a new privacy assessment, while filing a monthly progress report, until the issues in the system are addressed.
Thailand, March 2018: True Corp’s data gaffe
In March 2018 security researcher Niall Merrigan revealed that the identity documents of around 45,000 customers of True Corp, Thailand’s second-biggest mobile network and the flagship company of billionaire Dhanin Chearavanont’s Charoen Pokphand Group, had been exposed.
Malaysia, October 2017: Fiasco at the Malaysian Communications and Multimedia Commissions
In what’s Malaysia’s darkest data breach episode to date, more than 46 million mobile subscribers’ data was stolen and leaked on to the dark web.