Chaichanok Chidchob summons Facebook over Thai data leak as crackdown intensifies

Digital Economy and Society Minister Chaichanok Chidchob announced that he will summon executives from Meta, the parent company of Facebook, for a meeting on November 20, to explain why the platform allowed “Secret groups” to use Facebook as a large-scale marketplace for trading Thais’ personal data.

The move follows the discovery of a vast data-trading network involving more than nine million names, exposed after a recent operation by Thai authorities. Facebook is facing mounting pressure in Thailand after revelations that secret groups on the platform were openly selling citizens’ data without oversight — a serious national security concern that requires Meta’s direct explanation to the Thai government.

“Facebook must meet me on November 20 to explain why such data-trading groups were allowed to operate so openly. This is not a small issue — it affects the security of every citizen,” said Chaichanok.

The upcoming meeting will involve direct talks between the Thai government and Meta’s regional executives to develop a joint plan to combat and prevent cybercrime, including tackling illegal advertisements and online gambling networks that continue to thrive on Facebook.

“We spoke with Meta about three weeks ago. They confirmed that they will fly in to meet in person on November 20 to discuss tackling scammers and grey-market groups. It’s a good sign because we can speak frankly,” Chaichanok added.

The minister said the talks follow international media reports that have pressured Meta to take greater responsibility. The Digital Economy Ministry will not simply wait for explanations but will propose stronger policies requiring stricter internal audit systems and identity verification to prevent the creation of fake accounts used for criminal activity.

“The law we are now revising will require all platforms, including Facebook, to take identity verification seriously. If they fail and people suffer losses, the platforms must also be held accountable,” he said.

Chaichanok also revealed the results of Operation “Cut Down Scam – Cracking the Personal-Data Trade Network”, following the 8th meeting of the National Committee on Cybercrime Prevention and Suppression. The joint operation, conducted by the Central Investigation Bureau (CIB) and the Personal Data Protection Committee (PDPC), successfully dismantled one of Thailand’s largest cybercrime syndicates.

Police raided eight locations across Thailand — Chiang Rai, Udon Thani, Saraburi, Pathum Thani, Samut Sakhon, Prachuap Khiri Khan, Chon Buri, and Phuket — arresting six suspects under warrants issued by the Criminal Court for collecting, possessing or disclosing personal data for use in cybercrime, punishable by up to five years’ imprisonment, a 500,000-baht fine, or both.

Seized evidence included six computers, 17 mobile phones, nine storage devices, seven bank books, and other IT equipment. Investigators found that the suspects operated a large-scale personal-data trading ring via a Facebook page called “Grey Market Marketing”, selling names, addresses, phone numbers, bank accounts and Line IDs for 3,000–5,000 baht per 100,000 records. Police confirmed the authenticity of more than 2.3 million records through a sting operation.

A check with the Royal Thai Police’s online fraud database linked the data to 4,630 fraud cases worth over 298 million baht. Further investigation showed that most of the leaked data came from illegal gambling sites, loan-shark apps, and phishing applications, with another six million records uncovered — totalling over nine million names. All six suspects confessed.

Chaichanok stressed that cybercrime, especially call-centre scams and online gambling networks, continues to cause major damage to the public and Thailand’s economy. The government will continue to prioritise the dismantling of these operations while urging citizens to safeguard their personal data, particularly when entering information on unreliable websites or apps.

The DES Ministry and the Royal Thai Police reiterated that the buying, selling or possession of others’ personal data without consent is a serious offence under the Royal Decree on the Prevention and Suppression of Cybercrime, and offenders will face strict prosecution.