Massive Thai Data Leak Claim Sparks Cybersecurity Concerns

Massive Thai Data Leak Claim Sparks Cybersecurity Concerns

BANGKOK, June 13, 2026 — A database allegedly containing the personal information of approximately 36.1 million Thai citizens has been offered for sale on an underground online forum, raising concerns over what could become one of the largest reported data exposures involving Thai citizens.

According to information published by cybersecurity monitoring outlet Daily Dark Web, the seller is offering the database for US$100,000 and is requesting payment in Monero (XMR), a cryptocurrency known for its privacy features and difficulty of tracing transactions.

The listing claims the database contains full names, telephone numbers, dates of birth, gender information and current addresses of Thai citizens. The seller further alleges that the information was compiled from both government and private-sector sources.

If authentic, cybersecurity analysts estimate the database could affect between 50% and 70% of Thailand’s adult population.

However, experts have stressed that the authenticity of the database has not yet been independently verified. At present, there is no confirmation regarding the true origin of the information, whether the records are current or outdated, or whether the database was assembled from multiple previous leaks rather than a single breach.

Cybersecurity specialists caution that large-scale claims involving tens of millions of records require extensive technical analysis before conclusions can be reached.

Should the data prove genuine, experts warn it could be exploited for a range of criminal activities, including identity theft, SIM-swap attacks, financial fraud, account takeover attempts and sophisticated social engineering schemes targeting individuals.

Analysts also noted that stolen personal information is frequently bought, sold and repackaged multiple times within dark web marketplaces, making it difficult to identify the original source of the data.

As of Friday, no government agency or private organisation had publicly confirmed or denied the alleged breach. Authorities are expected to examine the claims and determine whether any public or private databases may have been compromised.

Cybersecurity experts said further investigations will likely focus on verifying sample records, tracing the source of the information and determining whether the alleged database contains newly compromised data or information previously exposed in earlier incidents.

The case has already attracted significant attention within Thailand’s cybersecurity community due to the potential scale of the alleged exposure and the possible implications for millions of citizens if the claims are substantiated.