9Near Thailand 55-million citizen data extortion
A hacker using the alias '9Near' threatened to leak the personal data of 55 million Thais, allegedly sourced via the government's Mor Prom health app; an army sergeant was later identified and surrendered.
- Victim
- Thai citizens (data linked to Mor Prom health platform)
- records
- 55.0M
- users
- 55.0M
In early April 2023, a hacker using the alias '9Near' threatened to publish the personal data of 55 million Thai nationals — a figure equal to roughly three-quarters of Thailand's population. The episode triggered a national alarm, a court-ordered website block, and ultimately the surrender of an army sergeant as the suspected perpetrator.
What happened
On 31 March 2023, a website at 9near.org appeared, claiming to hold the personal records of 55 million Thais and threatening to release them. The claim was also posted on the cybercrime marketplace Breach Forums and amplified via Facebook to drive viral attention.
The data allegedly included:
- First and last names
- Dates of birth
- National ID-card numbers
- Telephone numbers
The Thai government moved quickly. On 1 April, authorities blocked 9near.org, and on 3 April the Criminal Court ordered a formal block on the site and on any website republishing data sourced from it. The Digital Economy and Society Ministry opened an investigation.
The source: Mor Prom
Investigators traced the data to Mor Prom, the Public Health Ministry's app launched to deliver COVID-19 vaccination and health services to the public. The suspected hacker, an army sergeant later named as Khemarat Boonchuay, was alleged to have obtained the records with help from his wife, a nurse with authorised access to the Mor Prom system — making this in part an insider-access case rather than a remote intrusion.
Resolution
After weeks in hiding, Khemarat Boonchuay surrendered to the Cyber Crime Investigation Bureau on 12 April 2023, where he and his wife were questioned. Officials stated there appeared to be no political motive behind the theft. They also said the dataset had not been sold or published before the site was taken down, limiting the realised harm.
Why it matters
The 9Near case became a defining moment for data-protection accountability in Thailand. It struck at trust in a flagship government health platform during the tail of the pandemic, demonstrated how insider access can defeat technical controls, and tested the new enforcement machinery of Thailand's Personal Data Protection Act (PDPA), which had only just taken full effect. The speed of the government's court-ordered takedown — and the rapid identification of a serving soldier — signalled a hardening official stance toward mass data extortion in the kingdom.
Timeline
A website, 9near.org, claims to hold personal data on 55 million Thais and threatens to release it.
The Thai government blocks 9near.org; the digital economy minister orders an investigation.
Authorities open a hunt for the hacker after the claim is posted on Breach Forums.
The Criminal Court orders a block on 9near.org and any site republishing its data.
Officials say the hacker, identified as an army sergeant, remains at large.
Khemarat Boonchuay, an army sergeant, surrenders to the Cyber Crime Investigation Bureau.
Sources
- bangkokpost.comhttps://www.bangkokpost.com/thailand/general/2545164/sergeant-who-hacked-data-of-55-million-thais-identified
- khaosodenglish.comhttps://www.khaosodenglish.com/news/crimecourtscalamity/2023/04/12/hacker-9near-surrenders-to-police/
- nationthailand.comhttps://www.nationthailand.com/thailand/general/40026580
- thestar.com.myhttps://www.thestar.com.my/aseanplus/aseanplus-news/2023/04/12/no-political-motive-in-hackers-theft-of-55-million-thais-personal-data
- resecurity.comhttps://www.resecurity.com/blog/article/cybercriminals-leaked-massive-volumes-of-stolen-pii-data-from-thailand-in-dark-web