SOURCE OF MASSIVE DATA BREACH IDENTIFIED?
Investigators zero in on email account they believe could shed light on case
POLICE have tracked the breach to a specific email address, and are looking for its owner. The Malaysian Communications and Multimedia Commission says the cops are also checking if the data was meant to be sent to its Public Cellular Blocking Service system.
POLICE are trying to track down the owner of an email address in connection with the massive online data breach linked to more than 46 million mobile phone numbers.
Investigators have zeroed in on the email account they believe could shed light on the case.
However, Inspector-General of Police Tan Sri Mohamad Fuzi Harun said the owner of the account had yet to be found.
He did not elaborate on how the email was connected to the case or what it was used for.
“It is still under investigation,” he told the New Straits Times.
On a report that the leaked data might have been for the Malaysian Communications and Multimedia Commission (MCMC), its chief operating officer, Datuk Dr Mazlan Ismail, said there were many possibilities, adding that police were looking at all angles.
He said efforts had been taken to prevent personal data theft from recurring.
“All possible efforts, technical and non-technical, to prevent personal data theft has been taken by all parties in the telecommunication services industry in Malaysia. Hopefully, a similar problem would not occur,” he told the NST.
Yesterday, a news portal claimed that an analysis of the data from the breach revealed that it could have been for MCMC’s Public Cellular Blocking Service (PCBS) system.
It said it uncovered details of how the breach of data from telecommunication companies might have occurred as it found several file names of the leaked data containing acronyms such as PCBS, MCMC or SKMM.
File names from at least six companies used the acronyms.
(SKMM refers to MCMC.)
PCBS was an MCMC initiative launched in 2014 to provide service to deactivate mobile phones when they were reported stolen.
Following its launch, the Malaysian Central Equipment Identity Register was created. It is a database of International Mobile Equipment Identity numbers, which is the unique serial number of mobile phones in the country.
PCBS is managed by a private firm, not MCMC.
Communications and Multimedia Minister Datuk Seri Salleh Said Keruak, when met at Parliament yesterday, declined to comment on the report.
Police had said investigators were working with telecommunication companies to pinpoint the source of the leak, but the motive had yet to be established.
The data breach was first reported last month by public online forum Lowyat.net, which claimed that someone was trying to sell huge databases of personal information.
The databases comprised mobile phone numbers, identification card numbers, home addresses, IMEI and SIM card data of 46.2 million customers of at least 12 Malaysian mobile phone operators.
The databases are also believed to contain private information of more than 80,000 individuals, leaked from records of the Malaysian Medical Council, Malaysian Medical Association, and Malaysian Dental Association.
All possible efforts, technical and non-technical, to prevent personal data theft has been taken by all parties in the telecommunication services industry in Malaysia.
DATUK DR MAZLAN ISMAIL
MCMC CEO