Client data taken in hacking at two Thai banks

[webfact]

Client data taken in hacking at two Thai banks

BY THE NATION

 

REUTERS/Kacper Pempel/Illustration

 

Kasikorn Bank and Krung Thai Bank said they had detected theft of customer information through hacking at their websites, adding that immediate actions were taken to close the loophole and the level of data surveillance and protection have been raised.

 

Kasikorn Bank’s president Pipit Aneaknithi said that on July 25, KBank found that 3,000 names of KBank’s corporate customers using KBank’s website for providing letter of guarantee (LG) service might be leaked.

 

As soon as KBank detected this irregularity, we immediately closed the loophole and increased the level of data surveillance and protection to prevent potential leak. Meanwhile, Krung Thai Bank also found the track hacking its customers information about loan application but it did not cause damage to its customers.

 

However, Bank of Thailand has asked both banks to restrict their cyber securities system, said Ronadol Numnonda, assistant governor/supervision group, yesterday.

 

Source: https://tech.thaivisa.com/client-data-taken-hacking-two-thai-banks/29308/

 

-- THAI TECH 2018-2018-08-01

[Jonathan Fairfield]

Krung Thai Bank, KBank increase protective measures after data "hack"

 

BANGKOK (Reuters) - Thailand's Krung Thai Bank Pcl (KTB) <KTB.BK> and Kasikornbank Pcl (Kbank) <KBANK.BK> said their systems were hacked, exposing client information, but reported no financial damage and pledged to tighten up cybersecurity.

 

Data from 120,000 mostly retail clients using Krung Thai's online loan request platform were hacked over the weekend, KTB Chief Executive Payong Srivanich said in a statement.

 

KTB said that no money was lost in the attack.

 

Kasikornbank said that 3,000 corporate customer names may have been leaked after a hacking attempt, President Pipit Aneaknithi said in a statement.

 

After detecting the irregularity on July 25, Kbank increased the data surveillance and protection.

 

The leaked information included names and phone numbers but not financial data, Kbank said.

 

Earlier, the Bank of Thailand asked both lenders to tighten their cybersecurity measures and prepare to compensate clients in case of losses.

 

(Reporting by Orathai Sriring, Chayut Setboonsarng; Editing by Christian Schmollinger and Louise Heavens)

 

 

-- © Copyright Reuters 2018-08-01

[BobBKK]

it's... it's... it's the Russians! 

[rkidlad]

When using my debit card in Tops and Villa, I don't even sign any more. They just give me the receipt. Don't understand how that works. 

[mok199]

if you have my info ''please make a deposit '' my boy needs shoes and books for school

[from the home of CC]

I'll never pay for a purchase (store or online) with my k card. I believe there's a lot smarter hackers out there than the IT security people that work for the banks here. Also, if it did happen, would my bank be prompt in returning my money? Had this happen to me a few years back (in the west) when I bought something online and it was corrected in 10 minutes after discovery, no questions asked. You could wait a long time for a favorable result here.

[thequietman]

Tried to use my ATM card on the Pink banks machine and I couldn't because it said on the screen - this is a pirated copy of windows, contact administrator - I sh*t you not.

[Cheops]

4 hours ago, rkidlad said:

When using my debit card in Tops and Villa, I don't even sign any more. They just give me the receipt. Don't understand how that works. 

Well, they never verify signatures anyway, so it doesn't really matter does it? 

[rkidlad]

46 minutes ago, Cheops said:

Well, they never verify signatures anyway, so it doesn't really matter does it? 

I get a text message instantly from my bank as soon as a transaction has taken place. Just don't understand why they don't require the signature anymore. 

[Cheops]

2 minutes ago, rkidlad said:

I get a text message instantly from my bank as soon as a transaction has taken place. Just don't understand why they don't require the signature anymore. 

At Tops they don't require a signature in case the purchase is below some threshold for cc payments. Not sure if this is the same for debit cards? 

[rkidlad]

18 minutes ago, Cheops said:

At Tops they don't require a signature in case the purchase is below some threshold for cc payments. Not sure if this is the same for debit cards? 

That’s probably it. Never spend over about 2k in there. They used to ask for a signature. 

[dinsdale]

6 hours ago, BobBKK said:

it's... it's... it's the Russians! 

Chinese more likely.

[Classic Ray]

Maybe the banks charge Tops extra if they verify a transaction, and Tops take a calculated risk not to check. Or perhaps Tops download a list of stolen/lost/cancelled cards periodically and check locally.

[TallGuyJohninBKK]

1 hour ago, rkidlad said:

I get a text message instantly from my bank as soon as a transaction has taken place. Just don't understand why they don't require the signature anymore. 

 

AFAIK, locally here, they seem to have adopted a policy where smaller value purchases (I'm not sure the amount, under 500 baht or something like that) no longer require a signature with a card purchase.

 

But IME, if you're buying something with a larger value like 800 or 1000 baht or more on a credit or debit card, the merchants are still going to want your signature on the card slip.

 

I pretty much only use debit cards, so I'd say the policy is the same for credit and debit cards.

 

 

[55Jay]

2 hours ago, Cheops said:

Well, they never verify signatures anyway, so it doesn't really matter does it? 

Not entirely true.  A cashier at the mall supermarket noted the back of my wife's new credit card wasn't signed, and insisted it should be for "security reasons". 

 

Wife signed the back as commanded.

 

Cashier examined the ink carefully from the pen she had just loaned my wife, then processed the payment. ? 

[Medicine Man]

Bangkok Bank m banking seems to be down at the moment with an automated message  stating the system is down on their help desk. Are they having the same issues....

[snoop1130]

KBank admits data hack

By The Nation

 

Pipit Aneaknithi, Kasikornbank president, revealed that on July 25, KBank found that 3,000 names of corporate customers using KBank’s website for the letter of guarantee service might have been leaked.

 

As soon as KBank detected the irregularity, it said it immediately closed the loophole and increased the level of data surveillance and protection to prevent potential leaks.

 

The data that may have been leaked was the names and telephone numbers of KBank’s corporate customers using the letter of guarantee service via the website only. 

 

Such data is not important information related to transactions or financial data of customers, the bank said. 

 

It cannot be used for illegal purposes, it said. “According to an inspection, no damage has been found with any customers. However, KBank will closely and constantly monitor any irregularity in our customers’ accounts. 

 

“Based on preliminary investigations, there have been hacking attempts to break into the systems of various organisations. 

 

“KBank has already reported this incident to the Bank of Thailand and planned to inform our corporate customers affected by this hacking attempt individually. 

 

“If our customers notice anything suspicious, KBank is ready to take responsibility and provide assistance.”

 

The helpline is 02-8888822, 24 hours per day.

 

Source: http://www.nationmultimedia.com/detail/business/30351237

 

-- © Copyright The Nation 2018-8-1

[rickudon]

Strange that some people said they do not have to sign anymore. Last week in BIGC i paid a large shopping bill by Credit card (UK one) - and no pin, not asked to sign - just given receipt - first time that's ever happened. Mind you the signing bit was worthless anyway as they never check! They did wait quite a while for confirmation , i wonder if they keep a list of valid cards used in shop?

[Srikcir]

14 hours ago, snoop1130 said:

It cannot be used for illegal purposes

So the hacking was just a playful exercise?

 

14 hours ago, snoop1130 said:

However, KBank will closely and constantly monitor any irregularity in our customers’ accounts. 

So suspicions remain that there could be illegal purposes to the hack.

While existing K-bank customers might not be a future target from this hack, other companies might be.

Or in the alternative perhaps knowing the full range of the bank's electronic vulnerability with regard to letters of guarantee, hackers could use fake companies to obtain electronic letters of guarantee service for illegal purposes.

[IAMHERE]

3,000 isn't that many; probably should publish the names, account numbers, and passwords of the breached just to be safe.