Political relationship between China and Taiwan is highly tense, a factor that Chinese hackers have exploited to steal data of six million Taiwanese people from a job bank, becoming the largest data breach incident in the country’s history.
Reportedly, Chinese hackers targeted a Taiwanese job bank and sold the data via a dark web forum. Taiwanese government says its workforce is around 12 million people, which means threat actors were able to steal half of the employable citizens. The incident occurred a few days ago, before the October 1st festival, and country’s information security experts detected the breach after an in-depth research looking for illegal markets on dark web.
After the incident was reported to the authorities, a group of researchers detected that a dark web user known as “rootkit” was selling over 35 data sets for up to $1k USD for each. Short after, some researchers attributed the cyberattack to Chinese hackers as the related dark web posts were written in simplified Mandarin.
Among the compromised data, the researchers found details such as:
- Full names
- Birth dates
- Email addresses
- Applicants’ ID number, mobile number and home address
On the other hand, the affected job bank issued a statement claiming that the exposed data came from an out to date database, making it necessary to do further investigation to determine if some of this data are still used.
The job bank added that it had informed Taipei’s Department of Labor, but many of the out to date information such as email IDs, mobile numbers and house addresses don’t change for many years, meaning that victims will be vulnerable to potential phishing attacks.
Cybersecurity experts say that there could be more victims besides the job bank, as multiple posts on dark web have been advertising the sale of leaked databases. The job bank said that it has since strengthened its network security. However, it has also set up a fund of 200 million Yuan to compensate those whose data was leaked.