TAIPEI (Taiwan News) — Following media reports of a massive data breach in Taiwan, the Kuomintang legislative caucus on Wednesday (Dec. 7) urged the government to act swiftly in collaboration with foreign governments involved to remove the data from the dark web.
In October, media reported a user of "BreachedForums" named "OKE" was selling the private data of 200,000 people, and the user claimed the data was only part of a total of 23,572,055 leaked data entries. The data for sale was initially believed to be hacked from the official household registration system, but the Ministry of Interior (MOI) denied the allegation in a statement, saying the screenshot data is in a format different from that in its system.
In the same statement, the MOI claimed the data was outdated.
Leaked data still there
Earlier this month, a well-intentioned hacker, who exposed the country's largest-ever data breach in history and handed over allegedly stolen data to Taiwan People News in October, told the news agency that the leaked data was still on BreachedForums and disapproved of the government not removing the data from the dark web.
The hacker accused the MOI of downplaying the damage by describing the data as outdated, which he said is not true.
The data consists of ID codes, birthplaces, educational backgrounds, phone numbers, addresses, and names of close family members belonging to Taiwan's Vice President Lai Ching-te (賴清德) and Secretary-General of the National Security Council Wellington Koo (顧立雄). The news report also found the data was hacked no earlier than 2018 after an investigation of the evidence.
Leak on BreachedForums the biggest after Toogod
Furthermore, the hacker said that data leaked from Toogod, which was previously known as Taiwan's biggest data breach of all time before the leak on BreachedForums came to light, has personal information of Lai and Koo, but evidence shows Lai's data on Toogod was probably leaked from the household system dated before 2010 as the address was spelled in an old format that ceased to function after that year.
The news reports also compared the data of Koo and found his home address in Taipei's Beitou District shown on BreachedForums matched what his colleagues had described to the reporter about Koo's current residence rather than in Taipei's Wenshan District as shown on Toogod.
The hacker suspects that the MOI is either not aware of the data breach unveiled in late October, or intentionally described the data as old and useless with mismatched formatting in order to shirk its responsibility.
A cybersecurity engineer was quoted as saying that the data breaches would cause damage in various degrees, from being misused in telefraud or even worse, kidnapping. The engineer called on the government to team up with international police bodies and foreign governments to remove the data from the dark web at their earliest and immediately fortify the firewall of all government agencies.
Hsieh Yi-fong (謝衣鳯), deputy director of the Kuomintang legislative caucus, said at Wednesday's press conference that the government shouldn't keep ignoring the wake-up call for national security, as the personal data of nearly the whole population is now in the wrong hands.