China Daily Global Edition (USA)

Millions of Malaysian phone users’ personal data stolen, report says

-

KUALA LUMPUR — Home addresses and identity numbers, among other details of 46.2 million mobile phone subscriber­s, nearly the entire population of Malaysia, may have been compromise­d, local media reported on Tuesday.

It was believed to be the largest data breach in the country, local media said.

Online technology site lowyat.net said the hackers have the home addresses, identity card numbers, SIM card informatio­n and private details of almost the entire Malaysian population of 32 million. Many Malaysians have several mobile numbers.

The site confirmed that those numbers were leaked online, in a follow-up report on its Oct 19 alert that someone was trying to sell the data from a huge breach in 2014.

In addition, 81,309 records from the Malaysian Medical Council, the Malaysian Medical Associatio­n and the Malaysian Dental Associatio­n were also exposed, the tech site said.

Communicat­ions and internet regulator, the Malaysian Communicat­ions and Multimedia Commission, has said it is investigat­ing the breach with the police.

The probe is being led by the Department of Private Data Protection, an agency under the Ministry of Communicat­ions and Multimedia.

Founder of lowyat.net, Vijandren Ramadass, said that the site’s team followed the online trail left by the individual who tried to sell the data and discovered that the informatio­n was already available for download for free.

“We have disclosed the complete details to the MCMC,” he said, adding that he believes telcos should admit the breach occurred and advise their customers on the next steps.

The MCMC has held meetings with local telcos to ensure that they are aware of the leak and will give full cooperatio­n to investigat­ors. Gavin Chow,

Cyber security analysts said the hackers could make Malaysia vulnerable to phone scam attacks.

“Scammers (could) pretend to be someone calling or texting from the telco since they can prove they have the target’s personal details,” network and security strategist Gavin Chow was quoted as saying.

Other users could be tricked into transferri­ng their money or installing “telco applicatio­ns” containing malware or spyware. These could be used to exploit the target in the future.

Chow said users need to be alert when receiving calls and messages from strangers. “Do not get tricked into sharing more personal details, transferri­ng funds or installing apps.”

Dinesh Nair, a technology strategist, said there was not much that consumers could do. But they might want to change their SIM cards because the hackers have stolen IMSI and IMEI data — electronic identifier­s unique to each phone which are embedded into a SIM card.

“I’m sure my data is there as well. People with really good technical skills will be able to clone someone’s phone and that’s the worst-case scenario,” he said.

Do not get tricked into sharing more personal details, transferri­ng funds or installing apps.” network and security strategist

?? ROSLAN RAHMAN / AFP ?? Fragment Room employees smash bottles in a “rage room” in Singapore, in which customers can take out their stress on items such as bottles and television­s.
ROSLAN RAHMAN / AFP Fragment Room employees smash bottles in a “rage room” in Singapore, in which customers can take out their stress on items such as bottles and television­s.

Newspapers in English

Newspapers from United States