By Lee Hsin-fang and Jonathan Chin / Staff reporter, with staff writer

The Executive Yuan is conducting cybersecurity exercises — including simulated attempts to gain access to confidential data through social engineering — to test the security of government offices, a senior official said over the weekend.

The drills are in response to a massive security breach on June 22 at the Directorate-General of Budget, Accounting and Statistics, which compromised the private data of 243,000 civil servants, including their name, national identification number and place of employment, the official said, on condition of anonymity.

The information had been made available on foreign Web sites, the Ministry of Civil Service said at the time.

The Ministry of Justice’s Investigation Bureau said it had launched an investigation to determine the origin of the hack.

The Executive Yuan’s Department of Cyber Security is holding the drills to bolster cybersecurity awareness at government agencies, the source said, adding that one such exercise is being conducted now and would conclude in November.

For the exercise, department experts are playing the role of hackers and would be sending e-mails that either phish for information or contain simulated malware to employees at government agencies, as a test of their cybersecurity awareness, the source said.

A large-scale cybersecurity exercise to identify vulnerabilities of government Web sites and systems is planned for later this year, the source said, adding that foreign security experts would observe the drill.

When asked for comment, Executive Yuan officials refused to confirm or deny the story, citing the sensitivity of the issue.

Last year, the Legislative Yuan passed the Cyber Security Management Act (資通安全管理法) to streamline cybersecurity at government agencies and to establish mechanisms for reporting and responding to breaches.

The legislation came into effect on Jan. 1.