DOPA suspends People’s Party access after member data leak scare

The Department of Provincial Administration (DOPA) said on Sunday that it had revoked the People’s Party’s access to the DOPA-Digital ID verification system and the Smart Card reader programme from 12pm on March 14, after the party detected unauthorised attempts by outsiders to access its membership database. The case involves leaked personal data including names, national ID numbers, addresses and contact details.

Access cut after leak alert

In a statement issued through its Bureau of Registration Administration, DOPA said it had also ordered the party to submit full details of the incident so the authorities could protect affected citizens. The department said it would review confidentiality safeguards for agencies allowed to link to official data, under the Personal Data Protection Act and civil registration law.

People’s Party apologises and says loophole is closed

The move followed comments from People’s Party leader Natthaphong Ruengpanyawut on March 13, when he apologised to members and said the party had found on March 10 that ill-intentioned individuals might try to use members’ personal data improperly. He said there was still no conclusive evidence of broad misuse, but the party decided to warn members because some pages had already begun posting improperly obtained member information in public, even if parts of it were concealed.

Natthaphong said the breach appeared to stem partly from insufficient safeguards in the party’s database during the transition from the dissolved Move Forward Party to the People’s Party. He said the loophole had been shut and that the immediate risks no longer remained, though some member data had already fallen into the hands of malicious actors.

Probe could trigger action under multiple laws

DOPA said that if investigators find improper storage, unauthorised use or disclosure of personal data, the Central Registration Office could file complaints with police or seek administrative penalties under the PDPA and other laws. It added that any authorised agency or organisation found to have been negligent could also face possible offences under the Civil Registration Act, the National ID Card Act, the Computer Crime Act, and even election or political party laws if the information was improperly used for political activity.

The department also said affected citizens could pursue fraud or document-related complaints if front-of-card data were misused in financial transactions or other dealings, and could seek compensation through the Office of the Personal Data Protection Committee.

Members advised to consider new ID cards

For those worried about security, both DOPA and Natthaphong pointed to one practical option: applying for a replacement national ID card. DOPA said a new card could be issued for a 100-baht fee, with the same 13-digit ID number but a new Laser ID on the back.