Chinese firm Oppo ordered to investigate data breach in Thailand

Chinese consumer electronics company Oppo has been ordered to conduct an urgent investigation and risk assessment following allegations of data breach.

The Personal Data Protection Commission (PDPC) issued the alert warrant to Oppo following a post on the dark web offering for sale 165 gigabytes of Oppo Thailand data for US$20,000 (approximately 680,000 baht). The data reportedly included sensitive information such as customer details, employee data from the HR system, and internal operational insights.

Oppo has been instructed to report its findings within 72 hours, clarifying whether a data breach had occurred and outlining the measures taken to prevent and mitigate any potential damage.

"If it is found that any individual or entity has violated the Personal Data Protection Act or caused harm, the PDPC will investigate, gather evidence, and report the findings to the expert committee for further administrative consideration," the PDPC stated.

The PDPC’s Eagle Eye unit is tasked with monitoring and investigating potential personal data breaches. Its responsibilities include:

• Investigating online information for potential threats to individual rights and freedoms.
• Collecting and monitoring data on the internet, including receiving violation reports.
• Analysing data and presenting findings to senior management.
• Verifying evidence according to international standards.
   

The Eagle Eye unit employs a sophisticated system to scan search engines like Google, the dark web, and social media platforms for evidence of data breaches. This system leverages the expertise of personnel with a strong understanding of both PDPA law and technology.

The PDPC currently monitors approximately 100 websites daily. In the event of a suspected breach, the unit collaborates with the relevant authorities, including the National Cyber Security Committee and the Technology Crime Suppression Division, to investigate and enforce relevant legislation.