Cyber Incident Victim: 104 Job Bank
Date:
Oct 2020
Location:
Taiwan
Summary
Chinese hackers compromised a Taiwanese job bank, stealing personal data of nearly six million individuals—approximately half of Taiwan's workforce—in the country's largest recorded data breach. The stolen information, sold on dark web forums for $500 to $1,000 per dataset, included historical records with persistent personal details. Attackers communicated in simplified Mandarin and claimed responsibility for breaching the employment platform while indicating other sites were also compromised. Authorities attributed the incident to actors based in China following their investigation into the dark web transactions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In October 2020, Taiwanese authorities identified a major data breach involving the compromise of personal information belonging to nearly six million individuals—approximately half of Taiwan’s workforce—through an attack on 104 Job Bank, a prominent online employment platform. The breach, attributed to Chinese hackers by investigative officials, represented the largest known theft of personal data in Taiwan’s history at the time. During dark web monitoring operations, authorities discovered a user account named “rootkit” advertising approximately 35 distinct datasets for sale at prices ranging from $500 to $1,000 per dataset. Forensic analysis of forum communications revealed the attackers used simplified Mandarin characters, a writing system predominantly associated with mainland China, and explicitly claimed responsibility for infiltrating 104 Job Bank’s systems. The compromised data included historical records dating back to 2013, though investigators noted that certain categories of personal information within these records retained long-term validity despite their age.

104 Job Bank acknowledged the breach but asserted the stolen data originated from 2013 archives, implying potential limitations in the attackers’ access to current records. Authorities confirmed the job platform was not the sole victim, indicating broader targeting of Taiwanese online services by the same threat actors, though specific additional compromised entities were not publicly named. The exposure of sensitive workforce data raised concerns about identity theft risks and espionage targeting Taiwan’s labor market amid heightened geopolitical tensions with China. No technical details regarding intrusion methods, data exfiltration vectors, or containment measures were disclosed in available reporting. The incident underscored systemic vulnerabilities in Taiwan’s digital infrastructure while triggering official investigations into the dark web sales operation and the attackers’ infrastructure.
