Malaysian data breach sees 46 million phone numbers leaked
A massive data breach has seen the customer data of more than 46 million mobile subscribers in Malaysia leaked on to the dark web.
The leaked information includes mobile numbers, unique phone serial numbers, as well as home addresses.
Personal information from multiple Malaysian public sector and commercial websites was also stolen.
The Malaysian Communications and Multimedia Commission (MCMC) is now investigating.
The data breach was first discovered by Malaysian technology news website Lowyat.net.
The website was informed that someone was trying to sell huge databases of personal details for an undisclosed amount of Bitcoin on its forums.
Stolen data
The individual was trying to sell a huge amount of private customer information from at least 12 Malaysian mobile operators:
- Maxis
- DiGi
- Altel
- Celcom
- Enabling Asia
- Friendimobile
- MerchantTradeAsia
- PLDT
- RedTone
- TuneTalk
- Umobile
- XOX
A huge amount of personal data was also stolen from Jobstreet.com and the:
- Malaysian Medical Council
- Malaysian Medical Association
- Academy of Medicine Malaysia
- Malaysian Housing Loan Applications
- Malaysian Dental Association
- National Specialist Register of Malaysia
Lowyat.net says it reported the incident to Malaysia's communications watchdog on 18 October, and that the MCMC initially made the website take its story down.
However, the MCMC confirmed the data breach a day later in a press statement released on Facebook, and then on Monday confirmed that 46.2 million mobile subscribers were affected by the data breach.
Entire country affected
It is believed that the entire country – Malaysia has a population of 32 million – might have been affected by the breach, as well as foreigners who were on temporary pre-paid mobile phone numbers.
Under Malaysian law, service providers are required to keep customers' personal data secure, so there will probably be legal repercussions.
Dr Mazlan Ismail, the chief operating officer of the MCMC, told the Malay Mail Online that it had met with all of the country's telecommunications companies to work out how the data breach had occurred.
"This is to ensure that they understand what is happening now, especially when the police, through the Commercial Crime Investigation Department, visit them to investigate," said Dr Ismail.
"Communications services cannot escape the security aspects, [service providers] must work together, and safety features are important to gain the trust of consumers."
