The Ministry of Digital Affairs on Wednesday said it had resolved a security issue with a database used by vehicle rental service iRent after the personal information of tens of thousands of users was leaked.
The database, which was on a cloud server owned by Hotai Motor Co, “contained the names, mobile phone numbers, e-mail addresses, home addresses, drivers’ license photographs and partially redacted payment card details of the customers of iRent,” the Central News Agency reported.
The report said that the database was not password-protected and was accessible from anywhere on the Internet, and that the issue was resolved only after US-based online newspaper TechCrunch discovered it and contacted the ministry.
Democratic Progressive Party legislators Lai Pin-yu (賴品妤), Hung Sun-han (洪申翰), Liu Shih-fang (劉世芳) and Chuang Ching-cheng (莊競程) discussed the issue at a news conference on Jan. 18. The lawmakers said that in 2019, personal files of 200,000 civil servants were listed for sale on foreign Web sites, while in another incident local household registration records were advertised for sale online in 2020.
“Government officials have shown little concern and a lack of urgency in dealing with these national security breaches,” Liu said.
Private data breaches are occurring repeatedly, but government officials treat them on a “case-by-case” basis and have not taken concrete action to plug the leaks, Hung said.
To call the issue a national-security threat is an understatement. Leaked passenger data means that the Chinese Communist Party (CCP) could access the itineraries of Taiwanese politicians and democracy advocates. Leaked patient and customer data means voters could be targeted for extortion by agents of the CCP. Data breaches might help the CCP more easily identify people with jobs that give them access to politicians, military personnel or sensitive information such as defense secrets.
The establishment of the digital ministry was a step in the right direction, but it must be more proactive in proposing regulations for the storage and access of personal information.
Private companies and government agencies that handle data related to national security should be required to store the information offline in encrypted databases. No single person should be able to access complete data on their own, they should only have access to the parts of records that are necessary to complete their duties. Access to complete records should require two or more people to unlock the records with passwords or biometric signatures. This would prevent individuals from accessing complete records for unscrupulous purposes. Access to such information should be logged with department supervisors, and periodic audits should be conducted by an independent body.
Access to information is of growing importance as systems become digitized and automated. Loss of control of information can affect an individual’s ability to complete daily tasks such as pay bills, get medical coverage or access social media. Compromised data can also affect a business or government agency’s ability to operate. Data breaches have already led to government agencies, companies and even hospitals having databases ransomed by hackers demanding exorbitant payments before access is restored.
In the case of a hospital or critical infrastructure such as the power grid, this can be life-threatening.
The government must get serious about information security and must do it in a systematic, proactive way, rather than on a case-by-case basis. Failure to secure personal and sensitive data puts everyone at risk, particularly given the frequency with which China attacks data systems.
Donald Trump’s return to the White House has offered Taiwan a paradoxical mix of reassurance and risk. Trump’s visceral hostility toward China could reinforce deterrence in the Taiwan Strait. Yet his disdain for alliances and penchant for transactional bargaining threaten to erode what Taiwan needs most: a reliable US commitment. Taiwan’s security depends less on US power than on US reliability, but Trump is undermining the latter. Deterrence without credibility is a hollow shield. Trump’s China policy in his second term has oscillated wildly between confrontation and conciliation. One day, he threatens Beijing with “massive” tariffs and calls China America’s “greatest geopolitical
Chinese Nationalist Party (KMT) Chairwoman Cheng Li-wun (鄭麗文) made the astonishing assertion during an interview with Germany’s Deutsche Welle, published on Friday last week, that Russian President Vladimir Putin is not a dictator. She also essentially absolved Putin of blame for initiating the war in Ukraine. Commentators have since listed the reasons that Cheng’s assertion was not only absurd, but bordered on dangerous. Her claim is certainly absurd to the extent that there is no need to discuss the substance of it: It would be far more useful to assess what drove her to make the point and stick so
The central bank has launched a redesign of the New Taiwan dollar banknotes, prompting questions from Chinese Nationalist Party (KMT) legislators — “Are we not promoting digital payments? Why spend NT$5 billion on a redesign?” Many assume that cash will disappear in the digital age, but they forget that it represents the ultimate trust in the system. Banknotes do not become obsolete, they do not crash, they cannot be frozen and they leave no record of transactions. They remain the cleanest means of exchange in a free society. In a fully digitized world, every purchase, donation and action leaves behind data.
Yesterday, the Chinese Nationalist Party (KMT), once the dominant political party in Taiwan and the historic bearer of Chinese republicanism, officially crowned Cheng Li-wun (鄭麗文) as its chairwoman. A former advocate for Taiwanese independence turned Beijing-leaning firebrand, Cheng represents the KMT’s latest metamorphosis — not toward modernity, moderation or vision, but toward denial, distortion and decline. In an interview with Deutsche Welle that has now gone viral, Cheng declared with an unsettling confidence that Russian President Vladimir Putin is “not a dictator,” but rather a “democratically elected leader.” She went on to lecture the German journalist that Russia had been “democratized
RSS