The bust was announced on Monday at the Cyber Crime Investigation Bureau in Bangkok in the wake of the police’s Data Guardians Operation.
The operation is a follow-up to the arrest of an engineer in Phuket province back in July. The suspect had allegedly sold the personal data of more than 2 million persons to “shady businesses”, the chief of cybercrime police Pol Lt Gen Worawat Watnakornbancha said.
He added that investigators tracked the source through which the suspect had bought the data via the dark web, which sees transactions of over 400,000 baht per month.
The investigation led to three separate suspects involved in the stealing and selling of personal information, he said.
The first suspect is Phasin (last name withheld), 41, a broker of an insurance company who allegedly siphoned personal information from the company’s client database.
The second suspect, Nattapong (last name withheld), 28, is a programmer who allegedly developed an API (application programming interface) to bypass facial scanning, a scamming countermeasure put in place by the Bank of Thailand for online transactions of more than 50,000 baht.
The last suspect, Yodchai (last name withheld), 24, allegedly acted as an administrator of a facebook group that sold the personal data of over 15 million victims.
The data stolen is classified as “grade A” personal information, consisting of name, surname, 13-digit ID card number, telephone number and bank account number, Worawat said.
The three have been charged with offences under the Computer-Related Crimes and Personal Data Protection acts.
Worawat added that police will also investigate the security system of the insurance company from where the data is suspected to have been stolen.