Council of Engineers Thailand Data Breach Exposes 350,000 Members

The Council of Engineers Thailand (COE) reports a data breach affecting approximately 350,000 members across the country. The incident was detected on April 17, 2026, and officially disclosed through statements to the Bangkok Post. 

An unidentified threat actor exploited temporary security vulnerabilities during a system migration to steal sensitive professional and personal records.

The breach occurred while the organization was upgrading its infrastructure from 'COE Service 2' to 'COE Service 3.' During the bulk data transfer between servers, access controls were disrupted, creating a window for unauthorized activity. Attackers used this window to run approximately 680,000 automated queries over a 10-hour period, scraping the database before the activity was identified and stopped.

The stolen data includes:

• Full names of registered engineers
• Home and professional addresses
• Personal phone numbers
• Engineering license levels and certification details
• Professional field specializations (Civil, Electrical, Mechanical, Mining, Industrial, Environment, and Chemistry)

The COE notified the Personal Data Protection Committee (PDPC) and the cybercrime police to initiate a formal investigation into the hack. The PDPC has ordered the council to notify all impacted members and implement immediate security improvemnts to prevent further incidents. 

Internal specialists are currently auditing the database to determine if the threat actor tampered with license levels or disciplinary records, which could have long-term professional consequences for members.