(no title)

Additionally, some KBA authentication schemes might still be in place which make leaks like this one particularly problematic. Eg. one of my banks still asks relatively easy to answer questions to authenticate me when I call to unlock my card.

The most infamous KBA incident was the large scale IRS's tax returns fraud that occurred in 2014-2015:

- https://krebsonsecurity.com/2015/03/sign-up-at-irs-gov-befor...

- https://krebsonsecurity.com/2015/08/irs-330k-taxpayers-hit-b...

- https://krebsonsecurity.com/2016/02/irs-390k-more-victims-of...

The type of data leaked by the Thai government doesn't look too bad, but one should not underestimate the creativity of attackers, especially when the amount of data is large (and might overlap with other, previous breaches that contain different attributes.)