Colossal Malaysian Data Breach May Have Affected Entire Population

Technology website Lowyat.net reportedly discovered a huge Malaysian data breach that saw millions of people have their personal data stolen and leaked on the dark web.

The information was apparently taken from multiple Malaysian mobile phone operators, as well as the Malaysian public sector and commercial company websites.

With over 46 million confirmed records breached, this is one monumental data incident.

The mobile operators affected are said to be:

Maxis	DiGi	Altel
Celcom	EnablingAsia	Friendimobile
MerchantTradeAsia	PLDT	RedTone
TuneTalk	Umobile	XOX

The leaked information from the mobile phone operators reportedly included:

Mobile numbers
Unique phone serial numbers
Sim card numbers
Home addresses (for billing)
Imsi numbers

The huge amount of information breached meant it has been difficult to know when the breach occurred. It may have happened anywhere from 2012 to 2015. There could have also been more than one breach, with the plunder merged into one giant database.

Lowyat.net was the first to find out when it was informed that someone was trying to sell on huge amount of personal information in exchange for Bitcoin on their forums.

Recruitment company JobStreet was also reportedly hit by the breach. Its leak contained almost 17 million rows of candidate information including their names, login details, hashed passwords, email address, nationalities, addresses and telephone numbers. Lowyat.net notes that the JobStreet breach may have happened between 2012 and 2013.

Personal data was also reportedly stolen from:

Malaysian Medical Council
Malaysian Medical Association
Academy of Medicine Malaysia
Malaysian Housing Loan Applications
Malaysian Dental Association
National Specialist Register of Malaysia

The personal data stolen from the various authorities above is thought to have included personal details, IC numbers, home addresses and mobile phone numbers. These sets of personal data is believed to have been taken between 2014 and 2015.

The massive spreadsheets of stolen data is incredibly unsettling. The large number of affected mobile phone operators and government departments may indicate a major flaw in cybersecurity and data protection protocols. The source of the breach has still not been confirmed.

The Malaysian Communications and Multimedia Commission is investigating what may be the biggest data breach in Malaysian history. Lowyat.net has said it will commit to removing and preventing all illegal sales made on its forums, though it notes that the same stolen data is probably being advertised across other channels. The website warns against the illegal sale of stolen data and warns that perpetrators can be punished by law.

With the nature of digital information, copies of the information may have already been sold on multiple times to companies who make direct marketing calls and emails. In the U.K., this is illegal unless the person or organisation who controls the data has first sought consent from recipients to allow them to make such calls and emails for marketing purposes.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.