The Ministry of Digital Affairs is to conduct a “resilience inspection” among government agencies that have authorization to access personal data after a data security loophole in the Ministry of Finance’s e-invoice platform was identified by a “white-hat hacker,” Minister of Digital Affairs Audrey Tang (唐鳳) said yesterday.
Tang was asked to brief lawmakers on the legislature’s Transportation Committee what the government would do to enhance information security among government agencies in light of the discovery, as well as a series of data security breaches in the private sector.
If exploited, the loophole would affect about 20 percent of businesses on the e-invoice platform that did not register using business certificate IDs issued by the Ministry of Economic Affairs, Ministry of Finance Fiscal Information Agency Director-General Chang Wen-hsi (張文熙) told the committee.
Photo: Reuters
“We are conducting a comprehensive inspection of these accounts. They would be required to change their passwords if the ones they have are vulnerable to data breaches,” Chang said.
The Ministry of Digital Affairs is also to inspect whether passwords set by government agencies are susceptible to malicious attacks, which was not previously a factor in data security inspections, Tang said.
A “zero trust” policy is to be implemented which requires government agencies to have a multilayered mechanism to protect information, she said, adding that the system must not be guarded by just one set of passwords.
“We will begin within one to two months a resilience inspection of common technical components used by government agencies that have authorization to access personal data. We will submit to the committee a report on the types of data security risks facing different agencies in three months,” Tang said.
A resilience inspection is similar to a fire safety inspection, where the management of a building might be asked to use fireproof materials at certain locations to prevent fire, she said.
SHOPEE SANCTION
In other developments, the Ministry of Digital Affairs is to issue an administrative sanction before the end of this month to Singapore-based e-commerce platform Shopee (蝦皮) following repeated personal data leaks, it said.
A report on a personal data leak at Eslite Bookstore would be published this week and an administrative sanction issued next week, Tang said.
While information security firms retained by Eslite Bookstore did not find problems with the company’s database, the ministry is examining whether the leak occurred at logistics operators or third-party payment platform operators working with the bookstore, she said.
The alleged data leak at the the nation’s largest bookstore was made public after Here I Stand Project deputy secretary-general Cynthia Yang (楊欣慈) on May 14 said she received a telephone call, with the caller claiming to be from Eslite’s marketing department and wanting to know what Yang thought about If China Attacks (阿共打來怎麼辦), a book she purchased online in February.
The caller told Yang they were seeking feedback from readers because the book has “sensitive and inappropriate” content, and said that Taiwan would never win a war against a military as powerful as China’s and should not expect the US to come to the rescue.
‘ABUSE OF POWER’: Lee Chun-yi allegedly used a Control Yuan vehicle to transport his dog to a pet grooming salon and take his wife to restaurants, media reports said Control Yuan Secretary-General Lee Chun-yi (李俊俋) resigned on Sunday night, admitting that he had misused a government vehicle, as reported by the media. Control Yuan Vice President Lee Hung-chun (李鴻鈞) yesterday apologized to the public over the issue. The watchdog body would follow up on similar accusations made by the Chinese Nationalist Party (KMT) and would investigate the alleged misuse of government vehicles by three other Control Yuan members: Su Li-chiung (蘇麗瓊), Lin Yu-jung (林郁容) and Wang Jung-chang (王榮璋), Lee Hung-chun said. Lee Chun-yi in a statement apologized for using a Control Yuan vehicle to transport his dog to a
Taiwan yesterday denied Chinese allegations that its military was behind a cyberattack on a technology company in Guangzhou, after city authorities issued warrants for 20 suspects. The Guangzhou Municipal Public Security Bureau earlier yesterday issued warrants for 20 people it identified as members of the Information, Communications and Electronic Force Command (ICEFCOM). The bureau alleged they were behind a May 20 cyberattack targeting the backend system of a self-service facility at the company. “ICEFCOM, under Taiwan’s ruling Democratic Progressive Party, directed the illegal attack,” the warrant says. The bureau placed a bounty of 10,000 yuan (US$1,392) on each of the 20 people named in
The High Court yesterday found a New Taipei City woman guilty of charges related to helping Beijing secure surrender agreements from military service members. Lee Huei-hsin (李慧馨) was sentenced to six years and eight months in prison for breaching the National Security Act (國家安全法), making illegal compacts with government employees and bribery, the court said. The verdict is final. Lee, the manager of a temple in the city’s Lujhou District (蘆洲), was accused of arranging for eight service members to make surrender pledges to the Chinese People’s Liberation Army in exchange for money, the court said. The pledges, which required them to provide identification
INDO-PACIFIC REGION: Royal Navy ships exercise the right of freedom of navigation, including in the Taiwan Strait and South China Sea, the UK’s Tony Radakin told a summit Freedom of navigation in the Indo-Pacific region is as important as it is in the English Channel, British Chief of the Defence Staff Admiral Tony Radakin said at a summit in Singapore on Saturday. The remark came as the British Royal Navy’s flagship aircraft carrier, the HMS Prince of Wales, is on an eight-month deployment to the Indo-Pacific region as head of an international carrier strike group. “Upholding the UN Convention on the Law of the Sea, and with it, the principles of the freedom of navigation, in this part of the world matters to us just as it matters in the
RSS