True Corp told to consider compensation over data leak

18 Apr 2018
00:00

Thai telecoms regulator NBTC has instructed mobile operator True Move H to assess the impact of its recent personal data leak and offer compensation to any affected customers.

The regulator also plans to conduct a formal investigation into the incident and consider imposing punishments, and issue a letter demanding that mobile operators take appropriate steps to prevent similar breaches in the future, the Bangkok Post reported.

A security researcher recently revealed that the identity documents of up to 45,736 customers of True subsidiary iTrueMart had been exposed by being stored in a publicly-accessible Amazon S3 data bucket. The company also took more than a month to finally make the cache of files private.

Researcher Niall Merrigan discovered the cache by scanning certificate transparency logs created when someone creates a new security certificate.

Yet True Move H and parent True Corp are continuing to characterize the action as a data breach. A True Corp executive told the Bangkok Post that the company is considering taking legal action for hacking the data from the system, stating that he used “special tools to access data which he has no right to get into.”

But a cloud expert noted that because the default setting for the AWS S3 service is private, True had to have intentionally set the data to public.

Related content

Comments
No Comments Yet! Be the first to share what you think!
This website uses cookies
This provides customers with a personalized experience and increases the efficiency of visiting the site, allowing us to provide the most efficient service. By using the website and accepting the terms of the policy, you consent to the use of cookies in accordance with the terms of this policy.