Pierluigi Paganini September 17, 2023

One of Thailand’s major digital financial platforms, CardX, recently disclosed a data leak that affected their customers.

According to the statement published on the CardX official website on September 15th, the company experienced a cybersecurity incident that exposed personal information related to personal loan and cash card applications. This information includes the customer’s first and last name, address, telephone number, and email. The company assures that this information cannot be used for financial transactions. However, customers are advised to be cautious of fraudsters who may contact them through phone calls, SMS, or fraudulent emails. CardX recommends that customers keep track of transactions involving their accounts and exercise caution to avoid any potential fraud.

As reported by Prachachat Online, CardX has taken swift action to improve its protection against unauthorized access to customer data after discovering a leak of personal information. The company has confirmed that there has been no impact on customers’ financial information. Cybersecurity experts have implemented proactive monitoring and auditing processes to prevent future incidents. CardX has upgraded its systems and implemented additional security measures to prevent further information leaks.

CardX is a company in the SCB X Group in Thailand. The company has reassured its customers that the recent incident was unrelated to the information systems of Siam Commercial Bank (SCB) or any other companies in their group. SCB X is a holding company for The Siam Commercial Bank Public Company Limited, of which CardX is a part. SCB is currently the third-largest bank in Thailand, with over 1,100 branches nationwide. Its history dates to 1904, when it was established under the leadership of Prince Mahisorn.

In the blog, the company apologized to its customers for this recent incident and is committed to helping its customers who have been impacted. Customers can contact the CardX hotline at 02-999-1991 or the company’s data protection officer (DPO) via email at dpo@cardx.co.th. Furthermore, the company has warned its customers to take proactive measures against fraudulent online activity and follow the best industry guidelines.

Full details of the incident remain unknown. Security Affairs will be updating the story with more information based on further official updates. 

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CardX)