Menu
Browse

Cyber Incident Victim: Taiwan Job Bank 1111

Date:

Oct 2020

Location:

Taiwan

Summary

Chinese hackers compromised a Taiwanese job bank, resulting in the theft of personal data belonging to nearly six million individuals—approximately half of Taiwan's workforce—marking the country's largest recorded data breach. The stolen information, including types that remain static over time, was sold on dark web forums via an account named "rootkit" for $500 to $1,000 per dataset. Authorities attributed the attack to actors from China based on their use of simplified Mandarin in communications and claims of breaching multiple targets beyond the primary job site.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 2 techniques
Threat Actor Type Location
1 actor Available to members Available to members

Description

In October 2020, amid heightened geopolitical tensions between China and Taiwan, a significant data breach occurred targeting Taiwanese employment platforms, most notably the 104 Job Bank. Hackers believed to be operating from China infiltrated these systems and exfiltrated personal data belonging to approximately six million individuals, representing nearly half of Taiwan’s workforce. The stolen datasets appeared for sale on dark web forums, where an account using the alias “rootkit” advertised approximately 35 distinct datasets at prices ranging from $500 to $1,000 each. Taiwanese authorities identified the incident after monitoring these illicit marketplaces, where threat actors communicated in simplified Mandarin—a linguistic characteristic associated with mainland China—and explicitly claimed responsibility for compromising 104 Job Bank. The hackers asserted they possessed data from the job site and actively sought buyers for the information.

Cyber Incident Image

Authorities confirmed the breach as Taiwan’s largest recorded data compromise at the time. While 104 Job Bank publicly stated the stolen data originated from 2013 records, investigators noted that certain categories of personal information, such as national identification numbers or birthdates, remain permanently relevant regardless of age. The breach extended beyond 104 Job Bank, affecting additional unspecified Taiwanese online platforms, though the full scope of these compromises was not detailed in initial reports. No containment measures or remediation actions by the affected entities were disclosed. The incident intensified concerns over cross-strait cyber aggression, with the stolen data posing risks of identity theft and financial fraud against millions of citizens.

Sources
Sources available to members
1 source