Industry - Data Breach
Executive Summary
The Council of Engineers Thailand reported that hackers breached its database during a server transfer, stealing personal data of approximately 350,000 members including names, addresses, phone numbers, and license information. The attack involved 680,000 data breaches over a 10-hour period before detection, though details about the attackers' identity and any ransom demands have not been disclosed. The council has warned members that their stolen data could be misused.
What Happened
Around April 17, 2026, hackers breached the Council of Engineers Thailand's database while data was being transferred between servers. Over approximately 10 hours, attackers conducted 680,000 data breaches and stole personal information belonging to roughly 350,000 council members, including names, addresses, phone numbers, and professional license details. The council has since warned members that their stolen data could be misused, though the identity of the attackers and whether any ransom demands were made remain undisclosed.
Who Is Affected
Approximately 350,000 registered engineers in Thailand who are members of the Council of Engineers Thailand are affected. Their stolen personal and professional information - including contact details and engineering license credentials - places them at risk of identity theft, targeted phishing attacks, and potential professional credential fraud.
Why It Matters
This breach highlights critical vulnerabilities during data migration processes, a period when security controls may be temporarily weakened or reconfigured. The 10-hour detection gap and 680,000 breach attempts demonstrate inadequate real-time monitoring, which allowed extensive data exfiltration to occur undetected. For professional licensing bodies, such breaches undermine trust in credential verification systems and expose licensed professionals to impersonation risks.
What You Should Do
If you are a Council of Engineers Thailand member, immediately monitor your financial accounts and credit reports for unusual activity and consider placing fraud alerts with credit bureaus. Be vigilant against phishing emails or calls that reference your stolen details, and verify any contact claiming to be from the council through official channels before responding. Update passwords for any accounts that may have used information matching your council records, and enable two-factor authentication wherever possible.
Summary generated from verified sources and reviewed before publication. How we summarize.