The Ministry of Digital Affairs on Wednesday said it had resolved a security issue with a database used by vehicle rental service iRent after the personal information of tens of thousands of users was leaked.
The database, which was on a cloud server owned by Hotai Motor Co, “contained the names, mobile phone numbers, e-mail addresses, home addresses, drivers’ license photographs and partially redacted payment card details of the customers of iRent,” the Central News Agency reported.
The report said that the database was not password-protected and was accessible from anywhere on the Internet, and that the issue was resolved only after US-based online newspaper TechCrunch discovered it and contacted the ministry.
Democratic Progressive Party legislators Lai Pin-yu (賴品妤), Hung Sun-han (洪申翰), Liu Shih-fang (劉世芳) and Chuang Ching-cheng (莊競程) discussed the issue at a news conference on Jan. 18. The lawmakers said that in 2019, personal files of 200,000 civil servants were listed for sale on foreign Web sites, while in another incident local household registration records were advertised for sale online in 2020.
“Government officials have shown little concern and a lack of urgency in dealing with these national security breaches,” Liu said.
Private data breaches are occurring repeatedly, but government officials treat them on a “case-by-case” basis and have not taken concrete action to plug the leaks, Hung said.
To call the issue a national-security threat is an understatement. Leaked passenger data means that the Chinese Communist Party (CCP) could access the itineraries of Taiwanese politicians and democracy advocates. Leaked patient and customer data means voters could be targeted for extortion by agents of the CCP. Data breaches might help the CCP more easily identify people with jobs that give them access to politicians, military personnel or sensitive information such as defense secrets.
The establishment of the digital ministry was a step in the right direction, but it must be more proactive in proposing regulations for the storage and access of personal information.
Private companies and government agencies that handle data related to national security should be required to store the information offline in encrypted databases. No single person should be able to access complete data on their own, they should only have access to the parts of records that are necessary to complete their duties. Access to complete records should require two or more people to unlock the records with passwords or biometric signatures. This would prevent individuals from accessing complete records for unscrupulous purposes. Access to such information should be logged with department supervisors, and periodic audits should be conducted by an independent body.
Access to information is of growing importance as systems become digitized and automated. Loss of control of information can affect an individual’s ability to complete daily tasks such as pay bills, get medical coverage or access social media. Compromised data can also affect a business or government agency’s ability to operate. Data breaches have already led to government agencies, companies and even hospitals having databases ransomed by hackers demanding exorbitant payments before access is restored.
In the case of a hospital or critical infrastructure such as the power grid, this can be life-threatening.
The government must get serious about information security and must do it in a systematic, proactive way, rather than on a case-by-case basis. Failure to secure personal and sensitive data puts everyone at risk, particularly given the frequency with which China attacks data systems.
The Chinese Communist Party (CCP) continues to bully Taiwan by conducting military drills extremely close to Taiwan in late May 2024 and announcing a legal opinion in June on how they would treat “Taiwan Independence diehards” according to the PRC’s Criminal Code. This article will describe how China’s Anaconda Strategy of psychological and legal asphyxiation is employed. The CCP’s People’s Liberation Army (PLA) and Chinese Coast Guard (CCG) conducted a “punishment military exercise” against Taiwan called “Joint Sword 2024A” from 23-24 May 2024, just three days after President William Lai (賴清德) of the Democratic Progressive Party (DPP) was sworn in and
Former US president Donald Trump’s comments that Taiwan hollowed out the US semiconductor industry are incorrect. That misunderstanding could impact the future of one of the world’s most important relationships and end up aiding China at a time it is working hard to push its own tech sector to catch up. “Taiwan took our chip business from us,” the returnee US presidential contender told Bloomberg Businessweek in an interview published this week. The remarks came after the Republican nominee was asked whether he would defend Taiwan against China. It is not the first time he has said this about the nation’s
In a recent interview with the Malaysian Chinese-language newspaper Sin Chew Daily, former president Ma Ying-jeou (馬英九) called President William Lai (賴清德) “naive.” As always with Ma, one must first deconstruct what he is saying to fully understand the parallel universe he insists on defending. Who is being “naive,” Lai or Ma? The quickest way is to confront Ma with a series of pointed questions that force him to take clear stands on the complex issues involved and prevent him from his usual ramblings. Regarding China and Taiwan, the media should first begin with questions like these: “Did the Chinese Nationalist Party (KMT)
The Yomiuri Shimbun, the newspaper with the largest daily circulation in Japan, on Thursday last week published an article saying that an unidentified high-ranking Japanese official openly spoke of an analysis that the Chinese People’s Liberation Army (PLA) needs less than a week, not a month, to invade Taiwan with its amphibious forces. Reportedly, Japanese Prime Minister Fumio Kishida has already been advised of the analysis, which was based on the PLA’s military exercises last summer. A Yomiuri analysis of unclassified satellite photographs confirmed that the PLA has already begun necessary base repairs and maintenance, and is conducting amphibious operation exercises