Malaysia investigating reported leak of 46m mobile users’ data
Malaysia is investigating an alleged attempt to sell the data of more than 46 million mobile phone subscribers online, in what appears to be one of the largest leaks of customer data in Asia.
The massive data breach, believed to affect almost the entire population of Malaysia, was first reported last month by Lowyat.net, a local technology news website. The website said it had received a tip-off that someone was trying to sell huge databases of personal information on its forums.
The country’s Internet regulator, the Malaysian Communications and Multimedia Commission (MCMC), was looking into the matter with the police, Communications and Multimedia Minister Salleh Said Keruak said on Wednesday.
“We have identified several potential sources of the leak and we should be able to complete the probe soon,” Salleh told reporters at parliament.
The leaked data included lists of mobile phone numbers, identification card numbers, home addresses, and SIM card data of 46.2 million customers from at least 12 Malaysian mobile phone and mobile virtual network operators.
Cybersecurity researchers said the leaked data was extensive enough to allow criminals to create fraudulent identities to make online purchases.
Justin Lie, CEO of Cashshield, a Singapore-based antifraud company, compared the Malaysian case in its “degree of complexity” to the cyber attack on US credit-scoring agency Equifax Inc, which said in September that cyber criminals had stolen sensitive information from 145.5 million people.
“Now these hackers have more quality information such as birth dates, IC numbers, mobile numbers, e-mail addresses and passwords,” Lie said about the Malaysian attack.
Customers of Malaysia’s biggest mobile service providers, including Maxis, Axiata Group’s Celcom and DiGi, among others, were affected.
MCMC’s chief operating officer Mazlan Ismail said Tuesday the regulator had met with local telecommunications companies to seek their cooperation in the probe.