The Ministry of Digital Affairs is to conduct a “resilience inspection” among government agencies that have authorization to access personal data after a data security loophole in the Ministry of Finance’s e-invoice platform was identified by a “white-hat hacker,” Minister of Digital Affairs Audrey Tang (唐鳳) said yesterday.
Tang was asked to brief lawmakers on the legislature’s Transportation Committee what the government would do to enhance information security among government agencies in light of the discovery, as well as a series of data security breaches in the private sector.
If exploited, the loophole would affect about 20 percent of businesses on the e-invoice platform that did not register using business certificate IDs issued by the Ministry of Economic Affairs, Ministry of Finance Fiscal Information Agency Director-General Chang Wen-hsi (張文熙) told the committee.
Photo: Reuters
“We are conducting a comprehensive inspection of these accounts. They would be required to change their passwords if the ones they have are vulnerable to data breaches,” Chang said.
The Ministry of Digital Affairs is also to inspect whether passwords set by government agencies are susceptible to malicious attacks, which was not previously a factor in data security inspections, Tang said.
A “zero trust” policy is to be implemented which requires government agencies to have a multilayered mechanism to protect information, she said, adding that the system must not be guarded by just one set of passwords.
“We will begin within one to two months a resilience inspection of common technical components used by government agencies that have authorization to access personal data. We will submit to the committee a report on the types of data security risks facing different agencies in three months,” Tang said.
A resilience inspection is similar to a fire safety inspection, where the management of a building might be asked to use fireproof materials at certain locations to prevent fire, she said.
SHOPEE SANCTION
In other developments, the Ministry of Digital Affairs is to issue an administrative sanction before the end of this month to Singapore-based e-commerce platform Shopee (蝦皮) following repeated personal data leaks, it said.
A report on a personal data leak at Eslite Bookstore would be published this week and an administrative sanction issued next week, Tang said.
While information security firms retained by Eslite Bookstore did not find problems with the company’s database, the ministry is examining whether the leak occurred at logistics operators or third-party payment platform operators working with the bookstore, she said.
The alleged data leak at the the nation’s largest bookstore was made public after Here I Stand Project deputy secretary-general Cynthia Yang (楊欣慈) on May 14 said she received a telephone call, with the caller claiming to be from Eslite’s marketing department and wanting to know what Yang thought about If China Attacks (阿共打來怎麼辦), a book she purchased online in February.
The caller told Yang they were seeking feedback from readers because the book has “sensitive and inappropriate” content, and said that Taiwan would never win a war against a military as powerful as China’s and should not expect the US to come to the rescue.
TRAGEDY STRIKES TAIPEI: The suspect died after falling off a building after he threw smoke grenades into Taipei Main Station and went on a killing spree in Zhongshan A 27-year-old suspect allegedly threw smoke grenades in Taipei Main Station and then proceeded to Zhongshan MRT Station in a random killing spree that resulted in the death of the suspect and two other civilians, and seven injured, including one in critical condition, as of press time last night. The suspect, identified as a man surnamed Chang Wen (張文), allegedly began the attack at Taipei Main Station, the Taipei Fire Department said, adding that it received a report at 5:24pm that smoke grenades had been thrown in the station. One man in his 50s was rushed to hospital after a cardiac arrest
SAFETY FIRST: Double the number of police were deployed at the Taipei Marathon, while other cities released plans to bolster public event safety Authorities across Taiwan have stepped up security measures ahead of Christmas and New Year events, following a knife and smoke bomb attack in Taipei on Friday that left four people dead and 11 injured. In a bid to prevent potential copycat incidents, police deployments have been expanded for large gatherings, transport hubs, and other crowded public spaces, according to official statements from police and city authorities. Taipei Mayor Chiang Wan-an (蔣萬安) said the city has “comprehensively raised security readiness” in crowded areas, increased police deployments with armed officers, and intensified patrols during weekends and nighttime hours. For large-scale events, security checkpoints and explosives
A car bomb killed a senior Russian general in southern Moscow yesterday morning, the latest high-profile army figure to be blown up in a blast that came just hours after Russian and Ukrainian delegates held separate talks in Miami on a plan to end the war. Kyiv has not commented on the incident, but Russian investigators said they were probing whether the blast was “linked” to “Ukrainian special forces.” The attack was similar to other assassinations of generals and pro-war figures that have either been claimed, or are widely believed to have been orchestrated, by Ukraine. Russian Lieutenant General Fanil Sarvarov, 56, head
PUBLIC SAFETY: The premier said that security would be tightened in transport hubs, while President Lai commended the public for their bravery The government is to deploy more police, including rapid response units, in crowded public areas to ensure a swift response to any threats, President William Lai (賴清德) said yesterday after a knife attack killed three people and injured 11 in Taipei the previous day. Lai made the remarks following a briefing by the National Police Agency on the progress of the investigation, saying that the attack underscored the importance of cooperation in public security between the central and local governments. The attack unfolded in the early evening on Friday around Taipei Main Station’s M7 exit and later near the Taipei MRT’s Zhongshan
RSS