Online data breaches have been detected at two large banks last week, says the Bank of Thailand.
Second-largest lender Krungthai Bank (KTB) and fourth-ranked Kasikornbank (KBank) told the central bank some of their data were compromised, Ronadol Numnonda, assistant governor of the central bank’s Supervision Group, said on Tuesday.
KBank found data of some of its corporate clients, which generally are public information, had been hacked while Krungthai Bank’s loan application forms filed online by some retail and corporate customers were stolen.
“The two lenders have checked for damage. They have yet to find customers affected by the breaches since the leaked data were not financial transactions,” Mr Ronadol said.
Both banks have applied fixes and checked related work processes. Experts were also brought in to evaluate all systems to ensures security, he added.
The central bank also told the two banks to enhance their cybersecurity, ensure other customers won’t be affected and communicate with those who were.
“We instructed it to prepare remedial measures in the event of damage and urged other financial institutions to plug the loophole,” he said.
KBank president Pipit Aneaknithi said the bank found last Wednesday a list of 3,000 names of of its corporate customers which used its letter of guarantee online service might have leaked.
“We acted immediately, applied the fix and upgraded monitoring to prevent future leaks,” Mr Pipit said.
The leaked data were considered public such as company names and telephone numbers, not financial transactions, he added.
KTB president and CEO Payong Srivanich said a routine check on the bank’s IT system found basic data , mainly loan applications of retail customers applying online, were stolen.
“Thanks to data protection measures, we managed to stop the leak and limit the impact, with no financial damage.”
A majority of leaked data at KTB involved mortgage applications of retail customers through the website’s Super Easy channel. Of the 120,000 customers affected, 3000 were corporate customers.
“We haven’t found any financial damage in this group and will notify them about the leak,” Mr Payong said.