Massive Malaysian data breach of more than 46 million mobile subscribers

Security News ThreatsCybercrime Uncategorized
Malaysian data breachMalaysian authorities hunt for the source of this massive leak

Reuters reported today that Malaysia is investigating an alleged attempt to sell the data of more than 46 million mobile phone subscribers online. The massive Malaysian data appears to be one of the largest leaks of customer data in Asia.

Cybersecurity researchers said the leaked data was extensive enough to allow criminals to create fraudulent identities to make online purchases.

Justin Lie, CEO of Cashshield, a Singapore-based anti-fraud company, compared the Malaysian case in its “degree of complexity” to the cyber attack on U.S. credit-scoring agency Equifax Inc, which said in September that cyber criminals had stolen sensitive information from 145.5 million people.

Malaysian data breach – Stolen data

The scale of this is quite astonishing! The individual was trying to sell a huge amount of private customer information from at least 12 Malaysian mobile operators:

  • Maxis
  • DiGi
  • Altel
  • Celcom
  • Enabling Asia
  • Friendimobile
  • MerchantTradeAsia
  • PLDT
  • RedTone
  • TuneTalk
  • Umobile
  • XOX

A huge amount of personal data was also stolen from and the:

  • Malaysian Medical Council
  • Malaysian Medical Association
  • Academy of Medicine Malaysia
  • Malaysian Housing Loan Applications
  • Malaysian Dental Association
  • National Specialist Register of Malaysia

This Malaysian data breach it truly gigantic in perspective.   It is believed that the entire country – Malaysia has a population of 32 million – might have been affected by the breach, as well as foreigners who were on temporary pre-paid mobile phone numbers.

Under Malaysian law, service providers are required to keep customers’ personal data secure, so there will probably be legal repercussions.

Dr Mazlan Ismail, the chief operating officer of the MCMC, told the Malay Mail Online that it had met with all of the country’s telecommunications companies to work out how the data breach had occurred.

“This is to ensure that they understand what is happening now, especially when the police, through the Commercial Crime Investigation Department, visit them to investigate,” said Dr Ismail.

“Communications services cannot escape the security aspects, [service providers] must work together, and safety features are important to gain the trust of consumers.”

More Here [BBC] [Reuters]