MCMC PROBING INTO CLAIM THAT DATA OF MILLIONS UP FOR SALE
KUALA LUMPUR: The authorities are looking into a report that databases with personal data of millions of Malaysians are being put up for sale.
The report, titled “Personal data of millions of Malaysians up for sale, sources of breach still unknown”, was published yesterday on the Lowyat.net forum.
The report was removed two hours later at Malaysian Communications and Multimedia Commission’s (MCMC) request.
The commission said it was working with police to investigate the claim.
“MCMC and police are investigating reports that there were advertisements of the personal data for sale, suspected to be obtained illegally.
“As a preventive measure, MCMC ordered the administration of Lowyat.net website to remove the article. The website administrator has removed the advertisement and the article.”
The commission urged all parties not to speculate until investigations were completed.
Lowyat.net had claimed that it received a tip-off that someone was selling huge databases of personal details of Malaysians in what they said was one of the country’s biggest data breaches.
It included 50 million data entries from various telcos, which allegedly included customer names, billing addresses, mobile numbers, SIM card numbers, phone models and MyKad numbers. Lowyat.net believes that the data breach took place between 2012 and 2015.
Also for sale were 17 million rows of customer information allegedly from a job portal. The date comprised names, login names, hashed passwords, email addresses, nationality, addresses and mobile phone numbers and were believed to be obtained in 2012 and 2013.
Other data included two sets of data from doctors, with 20,000 and 62,000 pieces of information in each set, obtained from medical associations, and 720,000 entries on housing loan applications.
The data from doctors included MyKad numbers, operating addresses and mobile numbers, while the housing loan applications data had names, MyKad numbers, contact numbers, email addresses, blacklist status, addresses, jobs, employer details, salary and spouse’s details.
After the article was removed, the page was replaced with a statement: “MCMC has requested the removal of this article. We are still awaiting an official statement from them.”
The article sparked anger among Netizens, with many saying this could be the reason behind calls from telemarketing companies and spam emails.