Including your name, National ID number, date of birth, registered address, parents' and spouse's National ID numbers, and education level — the complete record that only the Ministry of the Interior holds.
Worse still, the Ministry of the Interior not only continues to deny the leak — it has also issued directives to every household registration office, prohibiting citizens from changing their National ID numbers on the grounds of data leak — even after the court has already ruled the leak occurred.
See how serious this is ↓The leak contained 23,572,055 records; Taiwan's population at the end of March 2018 was 23,571,990 — a near-perfect match. If you held Taiwanese household registration before April 2018, your data is in the leak.
The leak contains exactly what scammers want most: name + National ID + birthdate + registered address + parents' and spouse's National IDs. When a scam call accurately recites your parents' names and ID numbers, it becomes very hard not to believe.
Article 12 of Taiwan's Personal Data Protection Act requires public agencies to notify affected parties of any leak through appropriate means. A 2017 Ministry of Justice interpretation makes it crystal clear: notification is required upon discovery, not after the cause has been determined. Yet the Ministry of the Interior has neither notified nor held a press conference.
When citizens applied to change their National ID numbers, the Ministry of the Interior issued a directive (No. Tai-Nei-Hu-Tzu 1130244957) instructing all household offices to deny such applications based on data leak alone. After the High Administrative Court ruled against this position, the Ministry issued yet another directive (11501037041) reaffirming the same restriction.
A side-by-side comparison of the Ministry of the Interior's public statements (2022–present) against the documented evidence. Every Ministry statement is linked to its original source for verification.
"The data sold on the forum has a content and format substantially different from the Ministry's household records, and was not leaked from the Ministry's Household Registration Information System."MOI Statement (2022-10-29) ↗
The Investigation Bureau's press release of 2023-02-24 explicitly stated: "Verified that the leaked data is Taiwan's household and military service registration data from before April 2018." Furthermore, the High Administrative Court judge personally examined the seized USB drive and confirmed the leak contained complete personal records.
Investigation Bureau press release (archive.org) ↗ Taipei High Admin Court Judgment 112-Su-1114 ↗"The Household Registration Information System uses a physically isolated internal/external network architecture. Data is properly stored on the internal network and has not been leaked."MOI Statement ↗
The Investigation Bureau explicitly stated: "Audit logs from 2018 have already exceeded the maximum retention period; digital evidence has been lost, making it impossible to trace the leak channel." "No anomalies on the internal network" does not equal "no leak" — data can flow out through interconnected agencies (about 70 units request data each year), contractors, or storage media. The Ministry itself announced on 2022-11-21 that it was discontinuing the use of CDs, floppy disks, and other physical media for data exchange.
"Specific victims may apply for a National ID number change by providing court documents."
— in other words, no court ruling, no change.
The Taipei High Administrative Court Judgment 112-Su-1114 explicitly held: "A violation of informational privacy does not require waiting for actual misuse to occur; the unauthorized collection and possession of personal data itself constitutes harm, requiring no additional proof." The court rejected the Ministry's claim that "data being known by third parties is a social norm" as a misreading of the law.
What's more, just 15 days after the court ruling, on 2026-01-30, the Ministry issued yet another directive (11501037041) demanding that household offices still require "concrete evidence of harm" before approving any change — directly defying the judgment.
Directive 11501037041 ↗"Household registration data does not contain mobile phone numbers" — implying the leak's source was not the household registration system.MOI Statement (2023-12-29) ↗
The leaked data doesn't contain mobile numbers in the first place. Its fields are PID, NAME, BIRTH, ADDRESS, FATHER_PID, MOTHER_PID, EDUCATION, etc. — all fields exclusive to household registration. Using "no mobile numbers" to deny the leak is technical misdirection.
From the hacker's listing to today — three and a half years.
The listing identified the data source as www.ris.gov.tw (the Ministry of the Interior's Household Registration Information System), priced at 5,000 USD equivalent in cryptocurrency, with 200,000 sample records from Yilan County provided for verification.
"The Household Registration Information System uses a physically isolated internal/external network architecture; data is properly stored on the internal network."
MOI statement ↗Switching to internet-only transmission — effectively conceding that physical media exchange may have been a leak channel.
"I admit that this is household and military service data from before 2018." — the first public acknowledgment of the data source in Parliament.
"Verified that the leaked data is Taiwan's household and military service registration data from before April 2018, totaling 23,572,055 records." Through cryptocurrency flow tracing, OKE was identified as a Chinese national and referred to the Taipei District Prosecutors Office.
⚠️ Audit logs from 2018 have already exceeded the maximum retention period. Digital evidence has been lost, making it impossible to trace the leak channel.
Press release (archive.org) ↗A man surnamed Cheng purchased the entire dataset for 4,999.2 USDT (Tether). Deferred prosecution; ordered to pay NT$500,000 to the public treasury. OKE remains at large.
While citizen Ho Yu-Hsin's administrative lawsuit was pending, the Ministry instructed all household registration offices nationwide: data leak alone is not grounds for changing a National ID number; judicial proof of actual harm is required.
Directive 1130244957 ↗The court examined the USB drive seized by the Investigation Bureau and confirmed that the plaintiff's personal data had indeed been leaked. Core holdings:
A violation of informational privacy does not require waiting for actual misuse to occur; the unauthorized collection and possession of personal data itself constitutes harm, requiring no additional proof.
The court rejected the Ministry's argument that "data being known by third parties is a social norm" as a misreading of the law, and ordered the Ministry to reissue the plaintiff's National ID number.
Full judgment ↗Just 15 days after the court ruling, the Ministry sent a new directive to all household registration offices, still requiring "court rulings or police records establishing actual harm" before approving an ID number change — repeating verbatim the position the court had just struck down.
Directive 11501037041 ↗"When a public or non-public agency, in violation of this Act, causes personal data to be stolen, leaked, altered, or otherwise infringed upon, it shall, after investigation, notify the data subject by appropriate means."
Notification methods may, taking into account technical feasibility and the privacy of data subjects, be carried out via the internet, news media, or other appropriate public means — meaning the agency does not need to contact 23 million people individually; a press conference is sufficient.
Explicitly clarifies: "Notification is required upon discovery — not after responsibility for the violation has been determined." Confirmation of agency liability is not a prerequisite for the duty to notify.
Original interpretation ↗The Ministry of the Interior has neither held a press conference nor used internet/news media to notify the public of the leak. It has objectively breached the notification duty under Article 12 of the Personal Data Protection Act. The "we can't determine the cause" argument does not exempt the duty — the 2017 Ministry of Justice interpretation made this explicit.
The following addresses the government's claim that "the format differs greatly and doesn't look like household registration data," and explains how the leak's timing was inferred.
The leaked dataset includes a MOVEIN field (registration move-in date). When daily move-in record counts are tallied:
This indicates the data was copied in a single bulk extraction, not gradually scraped over time. The likely extraction time: the night of April 2, 2018.
Corroboration: The Taipei City Government's Civil Affairs Bureau announced that on April 2, 2018, a "Household Registration Information Linkage Data Migration" was carried out, and all household offices suspended their evening extended hours.
Record-count match: Leaked records: 23,572,055. Taiwan's registered population at end of March 2018: 23,571,990. A difference of just 65 — essentially identical.
The government has repeatedly cited "different format" as evidence that this is "not a household registration leak." But this argument actually supports the leak, not refutes it:
Normal system design: Parent-child relationships, family-household relationships, indigenous status, education level, etc. should be stored in separate tables, linked by National ID number or household number.
Leaked data: A single mega-table with many fields — which does not match normal system design, but matches exactly what you'd expect if "a hacker obtained multiple tables and JOINed them together."
Encoding artifacts: The leaked data also contains BIG5/UTF-8 encoding errors resulting in garbled names — a technical mishap during the hacker's data processing or merging, not evidence that the data didn't originate from the household system.
Many assume cryptocurrency is anonymous and untraceable. In reality:
This is how the Investigation Bureau confirmed OKE was a Chinese national who cashed out via a Chinese mainland bank account. The buyer (the man surnamed Cheng) was caught the same way.
| Channel | Description |
|---|---|
| Direct database access | Difficult — requires physical access to the data center; only contractors and Household Registration Department IT staff have realistic opportunity |
| Through interconnected agencies | ~70 agencies request data from MOI each year; ~11 request national-scale data. A security breach at any of them could leak data |
| Through storage media (CD, floppy disk) | The Ministry announced discontinuation of this exchange method on 2022-11-21 — effectively conceding it was a possible channel |
| Through retired hardware | UK telecoms research: 34% of second-hand hard drives still contain personal data. Secure wipe requires at least 7 overwrite passes (US Department of Defense standard) |
On May 29, 2020, a darknet seller using the alias "toogod" listed 20 million Taiwanese records for sale at 2,500 USD (older data, all from before 2004). At the time, then-Minister Hsu Kuo-Yung dismissed concerns: "Taiwan's household registration system isn't connected to the regular internet, so there's nothing to worry about."
This shows that Taiwanese personal data being sold on the darknet was not a one-time event — the 2022 OKE incident was simply the largest and most complete leak.
Until the Ministry of the Interior properly notifies the public and overhauls its system, changing your National ID number is the most effective stop-loss action an individual can take. From technical, criminal-method, and psychological perspectives, here's how it helps:
Once your old National ID number is invalidated in the household system, criminals attempting to use the leaked data to open shell accounts, apply for credit cards, or take out loans in your name will be blocked at the moment of identity verification — the system will return "identity mismatch" or "number not found," cutting off impersonation at the source.
National ID numbers are also tied to the National Health Insurance system and various social welfare programs. Changing your number prevents criminals from forging documents to misuse your health insurance card or fraudulently claim welfare benefits.
The leaked data is a complete bundle (name + ID number + address + family member data). Within this bundle, the National ID number is the most critical identifier. Once it's changed, the leaked dataset loses its most valuable element.
Even if scammers still have your address and name, without your currently valid National ID number, the high-risk crimes they can commit are sharply curtailed.
Scammers frequently establish trust by reciting personal information (e.g., "Just to verify, your National ID is A123…"). If you've changed your number, when a caller recites your old National ID, you can immediately recognize them with 100% confidence as a scammer holding leaked data — and avoid being deceived.
Victims of data leaks often live with chronic anxiety: "When will my identity be misused?" Changing your National ID number provides a clear "stop-loss point," giving you the psychological certainty that the historical leak's risk has been severed.
If the government won't notify, we'll notify each other.
If a caller can recite your National ID number, birthdate, registered address, and parents' or spouse's names and ID numbers, that does not mean they are who they claim to be. This data has been leaked for years; nearly every scam ring has access. Always verify by calling back through official channels.
Article 12 of the Personal Data Protection Act requires the government to notify the public via "internet, news media, or other appropriate means." Since the government won't, we will. Share with your family, friends, and group chats — especially older relatives who don't go online much, as they are most vulnerable to scams.
Make those in power feel the pressure. You can:
Per the Taipei High Administrative Court Judgment 112-Su-1114, the leak itself is sufficient harm, no additional proof is required. You can apply at your local household registration office; if denied, you can pursue administrative appeal and litigation. Ho Yu-Hsin's case has already won, and the judgment serves as a precedent. For why this works, see the four reasons in the previous section.
Full judgment (attach to your petition) ↗Every claim on this page is backed by a verifiable original document.