A user named taomarita on DarkForums claims to have been selling customer data from seven major banks in Thailand. Account balances, national ID cards, government documents and bank account numbers have all allegedly been leaked. The alleged claim which has not yet been confirmed by any bank is a serious cybersecurity concern.Lets breakdown this data brech story
What Has Been Alleged?
A member with the username taomarita on DarkForums posted that he has up-to-date customer data of 7 major banks in Thailand and is selling it. The 7 banks named are Tambatra, Bangkok Bank, CIMB Thai Bank, Kasikorn Bank, Krung Thai Bank, Siam Commercial Bank and United Overseas Bank.
These are all the most mainstream and widely used financial institutions in Thailand. The post clearly states that the data is fresh and middleman and escrow services are also available which means this appears to be an organized selling operation not an impulsive post.
Till now none of these banks has given any official statement and no independent researcher has verified the data hence this is just an alleged claim.
What Information Was Exposed?
The data claimed to be in this breach is much more serious than ordinary data leaks. Not just name and email but also account balance, account number, outstanding debt amount, customer’s home address, phone number, copy of national ID card and official government documents are allegedly included.
This combination is a goldmine for an attacker. The entire financial profile of any affected person how much money he has how much debt he has where he lives and what is his ID all in one place.The Threat actor share the sample of this breach.
This type of data can be directly used for identity theft targeted financial fraud loan scams and blackmail. The presence of national ID card copies makes this breach especially dangerous because bypassing ID verification becomes quite easy after this.
You might want to question how trustworthy this post is. Taomarita account which was created in April 2026 and only has two posts and two threads.This means she completely new forum member selling data from 7 major banks in her first or second post.
This is a classic pattern in dark web research either a scammer selling fake dat a reseller buying old data from another breach and then selling it or a genuine attacker operating from a fresh account to avoid being traced. The Escrow accepted line signals some legitimacy but its also used by scammers to gain buyers trust.
What to Do If You Use Thai Banks
If you are a customer of any of these 7 banks and change your online banking password immediately. Do not take any action on any call or email purporting to be from the bank without verifying that they know your correct name and account details. Enable two-factor authentication.
Monitor your account transactions regularly. And contact your bank directly to find out if there has been any security incident on their systems. Check your email at HaveBeenPwned.com. Until banks provide official confirmation of this alleged claim it is always wise to take precautions.
