Reading:
Malaysia sees colossal data breach that may have affected entire population
Share:
data breach hack

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Malaysia sees colossal data breach that may have affected entire population

Technology website Lowyat.net reportedly discovered a huge Malaysian data breach that saw millions of people have their personal data stolen and leaked on the dark web.

The information was apparently taken from multiple Malaysian mobile phone operators, as well as the Malaysian public sector and commercial company websites.

With over 46 million confirmed records breached, this is one monumental data incident.

The mobile operators affected are said to be:

Maxis DiGi Altel
Celcom EnablingAsia Friendimobile
MerchantTradeAsia PLDT RedTone
TuneTalk Umobile XOX

The leaked information from the mobile phone operators reportedly included:

  • Mobile numbers
  • Unique phone serial numbers
  • Sim card numbers
  • Home addresses (for billing)
  • Imsi numbers

The huge amount of information breached meant it has been difficult to know when the breach occurred. It may have happened anywhere from 2012 to 2015. There could have also been more than one breach, with the plunder merged into one giant database.

Lowyat.net was the first to find out when it was informed that someone was trying to sell on huge amount of personal information in exchange for Bitcoin on their forums.

Recruitment company JobStreet was also reportedly hit by the breach. Its leak contained almost 17 million rows of candidate information including their names, login details, hashed passwords, email address, nationalities, addresses and telephone numbers. Lowyat.net notes that the JobStreet breach may have happened between 2012 and 2013.

Personal data was also reportedly stolen from:

  • Malaysian Medical Council
  • Malaysian Medical Association
  • Academy of Medicine Malaysia
  • Malaysian Housing Loan Applications
  • Malaysian Dental Association
  • National Specialist Register of Malaysia

The personal data stolen from the various authorities above is thought to have included personal details, IC numbers, home addresses and mobile phone numbers. These sets of personal data is believed to have been taken between 2014 and 2015.

The massive spreadsheets of stolen data is incredibly unsettling. The large number of affected mobile phone operators and government departments may indicate a major flaw in cybersecurity and data protection protocols. The source of the breach has still not been confirmed.

The Malaysian Communications and Multimedia Commission is investigating what may be the biggest data breach in Malaysian history. Lowyat.net has said it will commit to removing and preventing all illegal sales made on its forums, though it notes that the same stolen data is probably being advertised across other channels. The website warns against the illegal sale of stolen data and warns that perpetrators can be punished by law.

With the nature of digital information, copies of the information may have already been sold on multiple times to companies who make direct marketing calls and emails. In the U.K., this is illegal unless the person or organisation who controls the data has first sought consent from recipients to allow them to make such calls and emails for marketing purposes.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon