Cyber Incident Victim: Thai governmental job portal
Date:
Jan 2017
Location:
Thailand
Summary
Anonymous leaked personal and sensitive data from a Thai government job portal, including officials' and job seekers' names, company applications, payment details, phone numbers, bank accounts, emails, and encrypted passwords. The breach affected multiple departments, such as the Revenue Department and Ministry of Foreign Affairs. While withholding ID numbers, addresses, and family details to avoid harming citizens, the group cited opposition against an internet surveillance law as motivation, continuing their OpSingleGateway campaign targeting state entities since 2015. Leaked data was publicly accessible on the dark web, with the group claiming the released information represented only 1% of stolen files.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around January 10, 2017, the hacktivist group Anonymous breached multiple Thai government job portal subdomains under the job.*.go.th structure, leaking sensitive data from departments including the Revenue Department, Administrative Court, Fine Arts Department, Cooperative Auditing Department, Provincial Waterworks Authority, Public Debt Management Office, National Parks Department, Ministry of Information and Communications Technology, and Ministry of Foreign Affairs. The attackers exfiltrated databases containing thousands of records with job seekers' and officials' personal information such as full names, employer application histories, payment details, phone numbers, bank account numbers, email addresses, and encrypted passwords. Anonymous publicly disseminated the data through multiple dark web links, with independent verification confirming the authenticity and novelty of the leaked datasets. The group intentionally withheld citizens' national ID numbers, home addresses, and parental names to limit collateral damage, explicitly stating their opposition targeted the Thai regime rather than civilians. This attack formed part of Anonymous's sustained OpSingleGateway campaign against Thailand's internet surveillance laws, following prior breaches of Thai Police, government telecom providers, the Los Angeles consulate, Royal Navy, and Foreign Affairs Ministry between 2015-2017.
The leaked data represented approximately 1% of the total files stolen from the compromised portals, though the exact volume of affected accounts remained unverified. Anonymous justified the breach as an effort to amplify public awareness regarding digital rights and mobilize citizen opposition to government cyber controls, emphasizing their historical advocacy for human, animal, and environmental causes. No containment measures or technical responses from Thai authorities were documented in available sources at the time of reporting. The datasets remained publicly accessible for download without restriction upon initial disclosure. The operation continued Anonymous's pattern of disruptive actions against Thai infrastructure to protest legislation perceived as enabling state surveillance, though no direct evidence linked the job portal breach to subsequent legislative changes or policy reversals.