The Ministry of Digital Affairs is to conduct a “resilience inspection” among government agencies that have authorization to access personal data after a data security loophole in the Ministry of Finance’s e-invoice platform was identified by a “white-hat hacker,” Minister of Digital Affairs Audrey Tang (唐鳳) said yesterday.
Tang was asked to brief lawmakers on the legislature’s Transportation Committee what the government would do to enhance information security among government agencies in light of the discovery, as well as a series of data security breaches in the private sector.
If exploited, the loophole would affect about 20 percent of businesses on the e-invoice platform that did not register using business certificate IDs issued by the Ministry of Economic Affairs, Ministry of Finance Fiscal Information Agency Director-General Chang Wen-hsi (張文熙) told the committee.
Photo: Reuters
“We are conducting a comprehensive inspection of these accounts. They would be required to change their passwords if the ones they have are vulnerable to data breaches,” Chang said.
The Ministry of Digital Affairs is also to inspect whether passwords set by government agencies are susceptible to malicious attacks, which was not previously a factor in data security inspections, Tang said.
A “zero trust” policy is to be implemented which requires government agencies to have a multilayered mechanism to protect information, she said, adding that the system must not be guarded by just one set of passwords.
“We will begin within one to two months a resilience inspection of common technical components used by government agencies that have authorization to access personal data. We will submit to the committee a report on the types of data security risks facing different agencies in three months,” Tang said.
A resilience inspection is similar to a fire safety inspection, where the management of a building might be asked to use fireproof materials at certain locations to prevent fire, she said.
SHOPEE SANCTION
In other developments, the Ministry of Digital Affairs is to issue an administrative sanction before the end of this month to Singapore-based e-commerce platform Shopee (蝦皮) following repeated personal data leaks, it said.
A report on a personal data leak at Eslite Bookstore would be published this week and an administrative sanction issued next week, Tang said.
While information security firms retained by Eslite Bookstore did not find problems with the company’s database, the ministry is examining whether the leak occurred at logistics operators or third-party payment platform operators working with the bookstore, she said.
The alleged data leak at the the nation’s largest bookstore was made public after Here I Stand Project deputy secretary-general Cynthia Yang (楊欣慈) on May 14 said she received a telephone call, with the caller claiming to be from Eslite’s marketing department and wanting to know what Yang thought about If China Attacks (阿共打來怎麼辦), a book she purchased online in February.
The caller told Yang they were seeking feedback from readers because the book has “sensitive and inappropriate” content, and said that Taiwan would never win a war against a military as powerful as China’s and should not expect the US to come to the rescue.
WHEELING AND DEALING? Hou You-yi, Ko Wen-je, Eric Chu and Ma Ying-jeou are under investigation for allegedly offering bribes for the other side to drop out of the race Taipei prosecutors have started an investigation into allegations that four top politicians involved in attempts to form a “blue-white” presidential ticket have contravened election regulations. Listed as defendants are Chinese Nationalist Party (KMT) presidential candidate and New Taipei City Mayor Hou You-yi (侯友宜), KMT Chairman Eric Chu (朱立倫), former president Ma Ying-jeou (馬英九) of the KMT and Taiwan People’s Party (TPP) Chairman and presidential candidate Ko Wen-je (柯文哲). The case stemmed from judicial complaints filed last month with the Taipei District Prosecutors’ Office alleging that the KMT (blue) and the TPP (white) had engaged in bribery by offering money or other enticements
ELIGIBLE FOR JANUARY: All presidential candidates and their running mates meet the requirements to run for office, and none hold dual citizenship, the CEC said Taiwan People’s Party (TPP) Legislator and vice presidential candidate Cynthia Wu (吳欣盈) is working with the Central Election Commission (CEC) to resolve issues with her financial disclosure statement, a spokesman for the candidate said yesterday, after the commission published the statements of all three presidential candidates and their running mates, while confirming their eligibility to run in the Jan. 13 election. Wu’s office spokesman, Chen Yu-cheng (陳宥丞), said the candidate encountered unforeseen difficulties disclosing her husband’s finances due to being suddenly thrust into the campaign. She is also the first vice presidential nominee to have a foreign spouse, complicating the reporting of
GOOD NEWS: Although open civic spaces are shrinking in Asia-Pacific countries and territories, Taiwan’s openness is a positive sign, an expert said Taiwan remains the only country in Asia with an “open” civic space for the fifth consecutive year, the Civicus Monitor said in a report released yesterday. The People Power Under Attack 2023 report named Taiwan as one of only 37 open countries or territories out of 198 globally, and the only one in Asia. Compiled by Civicus — a global alliance of civil society organizations dedicated to bolstering civil action — the ranking compiled annually since 2017 measures the state of freedom of association, peaceful assembly and expression around the world. Researchers assign each country or territory one of five rankings describing the
NOT JUST CHIPS: Although semiconductor processes are on the list, it also includes military technology and post-quantum cryptography to combat emerging cyberthreats The National Science and Technology Council (NSTC) yesterday released a list of 22 technologies it considers crucial to the nation’s security and competitiveness, including the 14-nanometer semiconductor process and advanced chip packaging. For the first time, the council made a list of core technologies with an aim of preventing secret information about those technologies being leaked to foreign countries, which could put the nation’s security and the competitiveness of local industries at risk. For years, local semiconductor companies have faced challenges from talent poaching and theft of corporate secrets by Chinese competitors, who are seeking to rapidly advance their technology capabilities through