A student checks his mobile while walking past a billboard advertising True Move H’s 4G service. (Photo by Narupon Hinshiranan)
iTruemart, a unit of mobile phone operator True Corp Plc, said on Saturday it has fixed a data leak that led to information on some of its customers, including their ID and passport data, becoming public.
The files of customers buying “TrueMove H” mobile packages had been “hacked”, it said in a statement following reports of the leak.
- Earlier report: Data of TrueMove H users leaked online
It was the first known instance of a major data leak from a mobile operator in Thailand.
Niall Merrigan, a Norway-based security researcher, detailed on his personal blog on Friday that he was able to access 32 gigabytes of True’s customer data, including identification cards and passports.
Mr Merrigan told Reuters the data was “public facing” and that he notified True of the leak in March.
The company said it would alert the customers affected by the hacking on measures it is taking to protect their data. It did not say how many customers or data files had been affected.
The National Broadcasting and Telecommunications Commission (NBTC) asked the company to clarify the matter on Tuesday before taking any action, secretary-general Takorn Tantasith said on Saturday.
True Corp is the second biggest mobile operator and a flagship company of billionaire Dhanin Chearavanont’s Charoen Pokphand Group.