TAIPEI (Taiwan News) -- A foreign hacker has gained access to the private data of 200,000 users of the Taiwanese job hunting website 1111 Job Bank and posted it to an American online forum.
According to iThome, the personal information of 200,000 job seekers on 1111 Job Bank has been posted on an American hacker forum. The leaked information is extensive, including ID card numbers, full names, birth dates, email addresses, telephone numbers, mailing addresses, and work history of 200,000 of the website's users, all in traditional Chinese characters.
The hacker forum normally requires registration or payment to access hidden data, but this time, the hacker leaked some personal data directly in the thread and declared in the forum that he had personal information about people from Macau, Hong Kong, Singapore, China, and Taiwan. In order to gain credibility among his fellow hackers, he brazenly posted a section of the hacked data directly in the public view of the forum.
Moreover, because most of the forum members are Westerners, the hacker spelled out the Chinese names with pinyin so they would know how to pronounce them.
Article 27 of Taiwan's Personal Information Protection Act (個人資料保護法) states that "Personal data archives maintained by non-public organs shall take appropriate security measures to prevent personal data from being stolen, tampered with, damaged, lost or leaked." Based on the vast trove of information leaked onto the forum, 1111 Job Bank has the responsibility and obligation to adopt appropriate security measures to protect the personal security of all job seekers.
In addition, Article 29 of the act, "Those who violate the provisions of this law and illegally collect, process, utilize, or otherwise infringe upon the rights of the Party shall be liable for damages." If a victim of such a data breach is not able to quantify the amount of damage they suffered, they may request the court to calculate an amount based on the circumstances of the infringement.
A victim of such a data leak may be compensated between NT$500 (US$16) and NT$20,000. However, if multiple parties suffered harm due to the same data breach, the maximum amount of compensation they can collectively receive is NT$200 million, unless it can be proven that actual damages exceeded that amount.
In the case of this data leak from 1111 Job Bank, 200,000 records at the minimum amount of rate of NT$500 per person would equal to NT$100 million in compensation owed to the victims. The job search site could avoid paying compensation if they can prove that it was not liable for intent or negligence.
Ho Chi-sheng (何其生), deputy general manager of 1111 Job Bank, said that the scope of the personal data leakage has not yet been confirmed, reported CNA. Ho said that the company is working with authorities on investigating the matter.
Ho emphasized that "We will take responsibility for compensation" for those who were affected by the data leak. He added that the company has liability insurance which will handle the claims of the site's members.