Taiwan’s Cybersecurity Agency Faces Scrutiny After Employee Data Breach
Taiwan’s Ministry of Digital Affairs has acknowledged management failures that allowed an employee at the National Institute of Cyber Security (NICS) to improperly access sensitive data. The admission came during a legislative budget review on Monday, where lawmakers criticized the agency’s internal controls.
Taiwan People’s Party Legislator Chen Ching-lung proposed cutting NT$10 million (US$306,000) from NICS’s funding and freezing 10% of related budgets, citing gaps in oversight. KMT Legislator Lu Ming-che emphasized the severity of the incident, noting that NICS plays a critical role in Taiwan’s cybersecurity defenses.
Digital Affairs Minister Lin Yi-jing confirmed the ministry had detected the breach internally and taken corrective action. NICS President Lin Ying-ta offered to resign in response, while Vice President Hsu Chien-jung revealed that an independent investigation group was formed to review management practices, with a report expected by late June. The agency is also addressing cybersecurity weaknesses identified after the incident.
Cyber Security Administration Director-General Tsai Fu-lung stated that a dedicated unit has been established to handle information security issues. The ministry plans to strengthen internal controls, clarify rules, and improve staff training, as some technical workers reportedly lacked full awareness of legal restrictions.
The case highlights vulnerabilities in Taiwan’s cybersecurity infrastructure, raising concerns about oversight in a key defense agency.
Source: https://www.taiwannews.com.tw/en/news/6391399
Ministry of National Defense, Taiwan cybersecurity rating report: https://www.rankiteo.com/company/ministry-of-national-defense-taiwan
"id": "MIN1782722017",
"linkid": "ministry-of-national-defense-taiwan",
"type": "Breach",
"date": "6/2026",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Cybersecurity',
'location': 'Taiwan',
'name': 'National Institute of Cyber Security (NICS)',
'type': 'Government Agency'}],
'attack_vector': 'Improper Access by Employee',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Sensitive Data'},
'description': 'Taiwan’s Ministry of Digital Affairs acknowledged management '
'failures that allowed an employee at the National Institute '
'of Cyber Security (NICS) to improperly access sensitive data. '
'The breach was detected internally, and corrective actions '
'were taken, including the formation of an independent '
'investigation group to review management practices.',
'impact': {'brand_reputation_impact': 'Severe, leading to legislative '
'scrutiny and proposed budget cuts',
'data_compromised': 'Sensitive Data',
'operational_impact': 'Management and Oversight Weaknesses '
'Identified'},
'investigation_status': 'Ongoing (Report expected by late June)',
'lessons_learned': 'Vulnerabilities in Taiwan’s cybersecurity infrastructure '
'and oversight gaps in a key defense agency were '
'highlighted. The incident underscored the need for '
'stronger internal controls, clearer rules, and improved '
'staff training.',
'motivation': 'Unknown',
'post_incident_analysis': {'corrective_actions': 'Independent investigation, '
'establishment of a '
'dedicated information '
'security unit, and plans to '
'strengthen internal '
'controls and training',
'root_causes': 'Management failures, inadequate '
'internal controls, and lack of '
'staff awareness of legal '
'restrictions'},
'recommendations': 'Strengthen internal controls, clarify legal restrictions '
'for technical staff, improve staff training, and '
'establish dedicated units for information security.',
'references': [{'source': 'Legislative Budget Review'}],
'response': {'containment_measures': 'Internal detection and corrective '
'action taken',
'incident_response_plan_activated': 'Yes',
'recovery_measures': 'Strengthening internal controls, '
'clarifying rules, and improving staff '
'training',
'remediation_measures': 'Formation of an independent '
'investigation group, review of '
'management practices, establishment of '
'a dedicated information security unit'},
'stakeholder_advisories': 'Legislators proposed budget cuts and froze related '
'budgets. NICS President offered to resign.',
'threat_actor': 'NICS Employee',
'title': 'Taiwan’s National Institute of Cyber Security (NICS) Employee Data '
'Breach',
'type': 'Insider Threat',
'vulnerability_exploited': 'Inadequate Internal Controls and Oversight'}