
Hackers in Thailand hacked a hotel. Looking for legal advice.


plus7


2 minutes ago, plus7 said:

gearbox,

 

Thank you for your valuable advice. Yes, headers can be forged, but DKIM signature (which is present and valid), can't be forged.

I will try to find more victims, maybe this topic will help to find someone.

 

Reading more carefully your post it seems that they were fairly stupid to admit in an email that they have been hacked. Unless that email is from the hackers too ????

 

You can extract an admission of hacking by calling them by phone and record the call...just try to make them admit clearly that they have been hacked. A court can understand this better than the technicalities of the SMTP exchanges and DKIM signatures.

 

In some countries recording a phone call when you are a participant is legal and can be used in a court as evidence. Have no idea what the Thai law says about this.

 

 

 


2 minutes ago, OneMoreFarang said:

Private? Like pay to Somchai Crook?

 

When I pay for a hotel there are two options: Credit card or transfer to the hotel account with a name that matches the name of the hotel. 

yeah, well, some people are gullible (many) and this is Thailand.

the crook is criminally guilty, while the injured parties are minimally guilty of negligence.


Hi everyone,

 

Thank you for your recommendations.

 

Yes, they sent me the email saying:

 

Please pay to this account:

1234556

Somchai Crook

 

I checked the email, it came from the valid source. So I was sure this is ok. All emails contained quotations from previous emails.

 

The payment was done from a mobile phone application. This transaction isn't reversible. A lesson for me to use a credit card next time.

 

I wonder that the big and "leading" hotel managing company doesn't take responsibility for a relatively small amount. They are virtually saying, we can't help you because you sent money somewhere else.

 

The woman whose email it was, cried: "I didn't send you anything!!!".

The supervisor woman, who introduced herself only with the nickname, said "Please make the payment one more time, this time, for sure, to the right account and we will give you better room. This is all we can do for you."

 

And this is a big (not international) hotel managing company, their ratings on Agoda or elsewhere are generally good.

 

I did the booking with another hotel, of course, and they took only pre-payment. Like if quarantine stay rule will be canceled, no problem.

 

 


18k baht certainly hurts, but in the grand scheme of things I personally wouldn't try to pursue a court case from outside of the country.  The time, effort, aggravation and very real risk of money paid to a lawyer being just a waste make it in my mind just not worth it.

 

18k sounds like it is for a longer stay, maybe the best course of action is to make what lemonade you can out of the situation by speaking with the general manager directly and getting the hotel to get you one of their best rooms at the most discounted rate you can talk them into.   They do have some responsibility and will hopefully at least acknowledge it that way.  If the GM won't do that you could try going higher up within the management company.


Maybe some useful information on legal requirements for organizations in Thailand to report data security breaches.

 

DATA BREACH REPORTING UNDER THE THAILAND PDPA

 

Extract: If the data breach IS likely to result in a risk to the rights and freedoms of data subjects, then the controller must report the breach to the PDPC within 72 hours of becoming aware of it.

 

Not saying it will help you with any legal aspects, but possibly you can rattle the hotel's chain and request reimbursement, or you're going to report them for PDPA violation of non-compliance to report a security breach issue.

 

When PDPA is enforced but not complied with, what penalties will there be?

 

Failure to comply with the PDPA will be penalized for non-compliance. 

 

There are 3 types of Personal Data Protection Act (PDPA) as follows:

 

Civil penalty

 

Civil penalties are required to indemnify the owner of the personal data that was damaged by the infringement, and may be required to pay additional compensation for additional punitive damages up to 2 times the actual damages. Must pay compensation to the owner of the personal data in the amount of 100,000 baht, the court may order a penalty for punitive damages 2 times the actual damages equal to having to pay all the fines in the amount of 3 hundred thousand baht.

 

Criminal penalties

 

Criminal penalties include both imprisonment and a fine, with a maximum imprisonment of not more than 1 year or a fine of not more than 1 million baht, or both. The maximum penalty is imposed on non-compliance with the PDPA in respect of the use of data, or disclose information or send data transfers to foreign countries, types of sensitive personal data (Sensitive Personal Data). In the case if the offender is a company (juristic person), they may wonder who will be jailed, because the company cannot go to jail. In this section, it may fall to the executives, directors or people responsible for the operations of that company who will be punished by imprisonment instead.

 

Administrative penalty

 

Fines range from 1 million baht to a maximum of 5 million baht, of which a maximum fine of 5 million baht will be a case of non-compliance with the PDPA in the use of information, or disclose information or transferring data to other countries of the category of sensitive personal data (Sensitive Personal Data). This administrative penalty is separate from compensation for damages arising from civil penalties and criminal penalties.

 

For what it's worth?


17 hours ago, plus7 said:

I wonder that the big and "leading" hotel managing company doesn't take responsibility for a relatively small amount.

Because you did not send the money to their (big and leading hotel managing company) account.

Simply as that. 


 

17 hours ago, plus7 said:

Hi everyone,

 

Thank you for your recommendations.

 

Yes, they sent me the email saying:

 

Please pay to this account:

1234556

Somchai Crook

 

I checked the email, it came from the valid source. So I was sure this is ok. All emails contained quotations from previous emails.

 

The payment was done from a mobile phone application. This transaction isn't reversible. A lesson for me to use a credit card next time.

 

I wonder that the big and "leading" hotel managing company doesn't take responsibility for a relatively small amount. They are virtually saying, we can't help you because you sent money somewhere else.

 

The woman whose email it was, cried: "I didn't send you anything!!!".

The supervisor woman, who introduced herself only with the nickname, said "Please make the payment one more time, this time, for sure, to the right account and we will give you better room. This is all we can do for you."

 

And this is a big (not international) hotel managing company, their ratings on Agoda or elsewhere are generally good.

 

I did the booking with another hotel, of course, and they took only pre-payment. Like if quarantine stay rule will be canceled, no problem.

 

 

What I don't get is that you first have the hotel admitting a security breach and then they come back on their word? That is a bit strange in the story.

 

You said they admitted a security breach and then the woman said she did not send anything (of course she did not, it was the hackers). But that must have been clear to the hotel too, why else first admit it?


Strange story. 


23 hours ago, plus7 said:

Hi,

 

I was trying to book a hotel for a quarantine stay. Contacted one from the list of approved, they said write an inquiry to hotel's email.

I sent the inquiry, they replied with the pricing. I agreed. They sent bank account number (private) for the payment. After I made the payment they unexpectedly asked for 25,000 as "security deposit".

This was suspicious and I called the hotel again. Hotel said they had a security breach and I actually made the payment to hackers.

All the communication and the payment request was done from company's email address.

 

The hotel refused to provide the room and refused to return money.

 

On the same day I reported the case to police, but would like to get money back from the hotel. Technical information (SMTP headers) from the emails is identical in legal and in hacked emails.

I hope there is a small case court in Thailand to resolve this easily.

 

Banks don't help, send me to police.

 

What do you think, is there a way to get money back?

https://www.ocpb.go.th/ewtadmin/ewt/ocpb_en/

https://web.facebook.com/ocpb.official/?_rdc=1&_rdr

 

Closes in twenty minutes.


7 hours ago, robblok said:

Strange story. 

Robblok, the story became strange to me too when the email asked for "security deposit" of 25,000. I called the hotel, and they said "don't send anything to them, they are hackers!". Later, I called to the phone number in the signature just for curiosity, and the woman said "I didn't send you anything!!!". She was a legitimate worker of the hotel and it was her email that was hacked (allegedly).


On 12/30/2021 at 10:01 PM, plus7 said:

I wonder that the big and "leading" hotel managing company doesn't take responsibility for a relatively small amount. They are virtually saying, we can't help you because you sent money somewhere else.

Why should they take responsibility if they didn't send you the dodgy personal bank name and number?   

 

They are right, unfortunately, you sent the money to a third party individual, not a "big and leading hotel" account.   Why would you do that without checking the veracity of the request with the hotel?

 

Have you reported to the police that an individual whose name and bank details you know defrauded you?

Edited by Liverpool Lou
