Security Affairs
Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

CardX released a data leak notification impacting their customers in Thailand

One of Thailand’s major digital financial platforms, CardX, recently disclosed a data leak that affected their customers. According to the statement published on the CardX official website on September 15th, the company experienced a cybersecurity incident that exposed personal information related to personal loan and cash card applications. This information includes the customer’s first and […]

CardX Logo.jpg

One of Thailand’s major digital financial platforms, CardX, recently disclosed a data leak that affected their customers.

According to the statement published on the CardX official website on September 15th, the company experienced a cybersecurity incident that exposed personal information related to personal loan and cash card applications. This information includes the customer’s first and last name, address, telephone number, and email. The company assures that this information cannot be used for financial transactions. However, customers are advised to be cautious of fraudsters who may contact them through phone calls, SMS, or fraudulent emails. CardX recommends that customers keep track of transactions involving their accounts and exercise caution to avoid any potential fraud.

As reported by Prachachat Online, CardX has taken swift action to improve its protection against unauthorized access to customer data after discovering a leak of personal information. The company has confirmed that there has been no impact on customers’ financial information. Cybersecurity experts have implemented proactive monitoring and auditing processes to prevent future incidents. CardX has upgraded its systems and implemented additional security measures to prevent further information leaks.

CardX is a company in the SCB X Group in Thailand. The company has reassured its customers that the recent incident was unrelated to the information systems of Siam Commercial Bank (SCB) or any other companies in their group. SCB X is a holding company for The Siam Commercial Bank Public Company Limited, of which CardX is a part. SCB is currently the third-largest bank in Thailand, with over 1,100 branches nationwide. Its history dates to 1904, when it was established under the leadership of Prince Mahisorn.

In the blog, the company apologized to its customers for this recent incident and is committed to helping its customers who have been impacted. Customers can contact the CardX hotline at 02-999-1991 or the company’s data protection officer (DPO) via email at dpo@cardx.co.th. Furthermore, the company has warned its customers to take proactive measures against fraudulent online activity and follow the best industry guidelines.

Full details of the incident remain unknown. Security Affairs will be updating the story with more information based on further official updates. 

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CardX)