350,000 Thai Engineers' Data Exposed in COET Cyberattack


Thailand's Council of Engineers has confirmed that hackers penetrated its member database, extracting personal records for approximately 350,000 practicing engineers during a system migration window in mid-April. The Council of Engineers Thailand (COET) disclosed that the stolen dataset—containing names, residential addresses, phone numbers, current employers, and license classifications—has now entered criminal networks with the expertise and infrastructure to weaponize it for fraud, identity theft, and organized scam operations.

Why This Matters

Immediate fraud exposure: Scammers holding accurate engineer credentials and contact details can impersonate government licensing officials or secure finance through social engineering with credible pretexts.

License tampering risk: Security experts have raised concerns that unauthorized database alterations could potentially downgrade professional standing, fabricate disciplinary records, or block contract eligibility, though COET has not publicly confirmed whether forensic analysis has detected such modifications.

Election integrity question: The breach coincides with COET's upcoming digital director ballot, potentially affecting the validity of voting based on member data integrity.

Regulatory investigation active: Both the Thailand Royal Police cybercrime division and the Office of the Personal Data Protection Commission (PDPC) have opened formal inquiries with enforcement authority.

The Attack Vector: Exploiting a Transition Window

System migrations present security vulnerabilities that sophisticated attackers actively monitor. Between approximately April 15 and 17, COET transferred its legacy platform (COE Service 2) to newer infrastructure (COE Service 3). During this window, attackers obtained administrative login credentials belonging to COET staff and special committee members, then used those stolen usernames and passwords to access the unfinished system. Over roughly 10 consecutive hours, the attackers executed approximately 680,000 automated database queries, systematically harvesting member records at scale. According to COET's internal investigation, one notable credential compromised belonged to Chulert Jitjuejun, a sitting council director whose administrator access became an entry point for the entire breach.

The intrusion went undetected for two days. COET's security team identified the unauthorized activity on April 17, but the delay between actual compromise and discovery sparked criticism among council members regarding breach response protocols.
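
The volume described above (about 680,000 automated queries in roughly 10 hours, an average near 19 per second, issued from administrator accounts) is far beyond interactive use and can be caught within seconds by a per-account rate check. The following is an added example, not COET's code and not part of the original article; the log format, account names, the member.read action name and the threshold of 100 distinct records per minute are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(seconds=60)
MAX_DISTINCT = 100  # assumed ceiling for interactive admin lookups per window
START = datetime(2030, 1, 1, 22, 0, tzinfo=timezone.utc)  # constructed date

def build_sample_log():
    """Constructed audit log: one interactive account, one scripted harvester."""
    lines = []
    for k in range(20):  # staff_a: one lookup every 30 s, cycling over 3 records
        ts = (START + timedelta(seconds=30 * k)).isoformat()
        lines.append(f"{ts} user=staff_a action=member.read record_id={200000 + k % 3}")
    for s in range(30):  # admin_b: 19 new records per second (680,000 / 10 h average)
        ts = (START + timedelta(seconds=s)).isoformat()
        for i in range(19):
            lines.append(f"{ts} user=admin_b action=member.read record_id={100000 + s * 19 + i}")
    return sorted(lines)  # same-format ISO timestamps sort chronologically

def parse_line(line):
    """Split 'TIMESTAMP key=value ...' into (ts, user, action, record_id)."""
    ts_text, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.fromisoformat(ts_text), fields["user"], fields["action"], fields["record_id"]

def detect_bulk_reads(lines, window=WINDOW, limit=MAX_DISTINCT):
    """Return {user: time of first alert} for accounts that read more than
    `limit` distinct member records inside any sliding `window`."""
    recent = defaultdict(deque)                     # user -> (ts, record_id) in window
    counts = defaultdict(lambda: defaultdict(int))  # user -> record_id -> hits in window
    alerts = {}
    for line in lines:
        ts, user, action, rid = parse_line(line)
        if action != "member.read":
            continue
        q, seen = recent[user], counts[user]
        q.append((ts, rid))
        seen[rid] += 1
        while ts - q[0][0] > window:                # evict reads older than the window
            _, old = q.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        if len(seen) > limit and user not in alerts:
            alerts[user] = ts
    return alerts

if __name__ == "__main__":
    for user, when in detect_bulk_reads(build_sample_log()).items():
        print(f"ALERT {user}: bulk member-record reads, first seen {when.isoformat()}")
```

Counting distinct records rather than raw requests keeps an administrator who reopens the same few files from tripping the alert, while a scripted sweep crosses the limit in the sixth second of the sample.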

Scope and Vulnerability Profile

The stolen dataset encompasses engineers across seven major disciplines: civil, electrical, mechanical, mining, industrial, environmental, and chemical fields. This breadth matters. Engineers represent a highly credentialed, financially stable demographic—precisely the profile that appeals to organized fraud operations. The data points now exposed—employer names, license levels, current positions—add granular detail that scammers convert into persuasive impersonation scripts. A criminal caller claiming to represent the Department of Transport seeking to verify an engineer's "licensing renewal" becomes credible with the right background details.

Regarding potential data tampering, experts have flagged this as a concern. While COET has not publicly confirmed whether forensic analysis has ruled out unauthorized modifications to records, security researchers note that if licensing levels were altered, disciplinary histories inserted, or qualification statuses downgraded, individual engineers could face significant consequences through false credential changes. The council's full forensic analysis timeline remains unclear.

The Election Problem

COET was preparing for a significant internal milestone: a digital ballot to elect new board directors. This process depends entirely on accurate membership records and current licensing data. If the integrity of that database remains in doubt, the validity of the election may be called into question. The credibility of COET's leadership selection now carries technical implications that require resolution.

Thailand's Cyber Crisis Backdrop

The COET breach reflects a broader cybersecurity challenge facing Thailand. Between January and May 2025, organizations reported over 1,000 cyber incidents. In that same period, the country experienced more than 21,000 spyware intrusions, reflecting the intensity of digital threats targeting Thai infrastructure.

The Office of the Personal Data Protection Commission (PDPC) has responded with active enforcement. In 2025, regulators levied eight administrative fines across enforcement actions targeting government agencies, healthcare facilities, retail operators, and technology firms for inadequate security, failure to appoint designated Data Protection Officers, and delayed or absent breach notification to affected persons.

Entering 2026, cyber incidents have been classified as the primary business risk across Thai industries. By January 2026, the PDPC had logged 2,672 complaints under the Personal Data Protection Act, with recurring violations involving unauthorized data collection, use without lawful basis, and failure to apply data minimization principles.

What This Means for Affected Engineers and Thailand Residents

The 350,000 engineers whose details were stolen should be on alert immediately. Scammers will now contact them via phone, SMS, or email, impersonating government licensing authorities, professional associations, or financial institutions. These calls will reference real personal details extracted from the COET database, lending false credibility to increasingly sophisticated pretexts aimed at extracting banking information or financial credentials.

For Thailand residents and expatriates who have worked with Thai engineers—particularly in construction, property development, infrastructure projects, or regulatory compliance—the breach has limited direct impact but warrants awareness. If you require verification of an engineer's current license status, contact COET directly rather than relying on credentials provided by the engineer themselves during this period of compromised data.

Recommended precautions for affected engineers:

Verify independently before responding to any unsolicited communication claiming to originate from COET, government agencies, or professional organizations. Do not provide sensitive information based on inbound contact. Do not click links in unrequested emails or text messages. Instead, independently locate official phone numbers (not those provided by the caller) and confirm any purported request directly with the organization's main line.

Monitor bank and credit accounts for unauthorized transactions and check credit reports for fraudulent applications in your name. Suspicious contact attempts should be reported to the Thailand Police hotline (191) or directly to the PDPC. Documentation of scam attempts—dates, phone numbers, caller claims—strengthens the evidentiary record if identity theft occurs.

A secondary precaution involves legal documentation. Engineers concerned about potential license tampering or disciplinary record fabrication should contact COET to request a certified statement of their current professional standing and request the council flag their accounts as breach victims pending resolution.

Accountability and Next Steps

The Thailand Royal Police cybercrime division has initiated a formal investigation, and the PDPC is conducting a parallel inquiry while offering the council recommendations on member protection. COET has disclosed limited detail on the remedial actions undertaken (system audits, administrative password resets, comprehensive member notification procedures, or a complete forensic analysis timeline). This limited transparency has drawn questions from cybersecurity advocates regarding whether vulnerabilities have been fully addressed.

Under Thailand's Cybersecurity Act B.E. 2562 (2019), organizations designated as Critical Information Infrastructure Organizations (CIIOs) face mandated minimum security standards: classification of IT systems by risk, assignment of responsible personnel, rapid incident reporting protocols, and maintenance of audit documentation. The scale of this breach affecting a regulated profession's entire licensed membership suggests heightened regulatory scrutiny going forward, particularly regarding security standards during system transitions and data migration windows.

Hey Thailand News is an independent news source for English-speaking audiences.
