Cybersecurity Breach at Taiwan’s National Institute of Cyber Security Under Investigation
Prosecutors in Taiwan have expanded an investigation into a suspected data breach at the National Institute of Cyber Security (NICS), a government body under the Ministry of Digital Affairs responsible for advancing national cybersecurity and assisting agencies in responding to major threats. The breach involved the unauthorized collection and sharing of confidential internal documents, including national security-related information.
The incident came to light earlier this year when the institute’s mainframe malfunctioned, later determined to be the result of a Web crawler program exploiting system vulnerabilities to harvest restricted data. The Taipei District Prosecutors’ Office first questioned three NICS employees in March, including Peng Min-chun, former head of the advanced research and development section, along with researchers Ting Po-feng and Lee Yu-hsun. Their devices were seized as evidence, and all three were released on bail ranging from NT$100,000 to NT$500,000 on charges of violating Criminal Code provisions on computer interference and the Personal Data Protection Act.
A second wave of investigations began on Tuesday, with prosecutors re-questioning the three suspects alongside Peng’s former supervisor, Hsu Shih-chang, and additional researchers accused of accessing sensitive documents without authorization. Hsu was later released on NT$200,000 bail.
According to sources, Peng’s team was tasked in 2023 with developing administrative software to consolidate HR and reimbursement records. To obtain the necessary data, Peng allegedly directed Ting and another researcher to create a Web crawler that exploited internal vulnerabilities, using Lee’s computer to access other departments’ files. The stolen documents were then uploaded to a cloud platform under the project name "XMAS", allowing team members unrestricted access. Investigators traced the breach to Lee’s computer, with login credentials linked to Ting’s account.
While Peng was initially identified as the primary figure behind the breach, prosecutors later found evidence suggesting Hsu may have been the decision-maker in the operation. The case remains under investigation.
Source: https://www.taipeitimes.com/News/taiwan/archives/2026/05/14/2003857313
Ministry of Digital Affairs TPRM report: https://www.rankiteo.com/company/ministry-of-digital-transformation-of-ukraine
"id": "min1778697876",
"linkid": "ministry-of-digital-transformation-of-ukraine",
"type": "Breach",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Cybersecurity, National Security',
'location': 'Taiwan',
'name': 'National Institute of Cyber Security (NICS)',
'type': 'Government Body'}],
'attack_vector': 'Web crawler program exploiting system vulnerabilities',
'data_breach': {'data_exfiltration': 'Uploaded to a cloud platform under the '
"project name 'XMAS'",
'personally_identifiable_information': 'HR and reimbursement '
'records',
'sensitivity_of_data': 'High (national security-related '
'information)',
'type_of_data_compromised': 'Confidential internal documents, '
'national security-related '
'information, HR and '
'reimbursement records'},
'date_detected': '2023',
'description': 'Prosecutors in Taiwan have expanded an investigation into a '
'suspected data breach at the National Institute of Cyber '
'Security (NICS), a government body under the Ministry of '
'Digital Affairs. The breach involved the unauthorized '
'collection and sharing of confidential internal documents, '
'including national security-related information. The incident '
'was caused by a Web crawler program exploiting system '
'vulnerabilities to harvest restricted data.',
'impact': {'brand_reputation_impact': 'Damage to the reputation of NICS and '
'the Ministry of Digital Affairs',
'data_compromised': 'Confidential internal documents, national '
'security-related information',
'legal_liabilities': 'Violation of Criminal Code provisions on '
'computer interference and Personal Data '
'Protection Act',
'operational_impact': 'Unauthorized access to sensitive data, '
'potential compromise of national security '
'information',
'systems_affected': 'Mainframe, internal administrative systems'},
'initial_access_broker': {'entry_point': 'Web crawler program exploiting '
'internal vulnerabilities',
'high_value_targets': 'Confidential internal '
'documents, national '
'security-related '
'information'},
'investigation_status': 'Ongoing',
'motivation': 'Unauthorized access to confidential documents for '
'administrative software development',
'post_incident_analysis': {'root_causes': 'Unauthorized use of Web crawler to '
'exploit system vulnerabilities, '
'lack of access controls'},
'references': [{'source': 'Taipei District Prosecutors’ Office '
'investigation'}],
'regulatory_compliance': {'legal_actions': 'Bail imposed (NT$100,000 to '
'NT$500,000)',
'regulations_violated': ['Criminal Code provisions '
'on computer interference',
'Personal Data Protection '
'Act']},
'response': {'containment_measures': 'Seizure of devices, bail imposed on '
'suspects',
'law_enforcement_notified': 'Taipei District Prosecutors’ '
'Office'},
'threat_actor': 'Internal employees (Peng Min-chun, Ting Po-feng, Lee '
'Yu-hsun, Hsu Shih-chang)',
'title': 'Cybersecurity Breach at Taiwan’s National Institute of Cyber '
'Security',
'type': 'Data Breach',
'vulnerability_exploited': 'Internal system vulnerabilities'}