Database of 13 million Malaysians allegedly obtained from Maybank, Astro and SPR is sold online

Before the year is out, it appears that Malaysia is facing another data leak as a database allegedly containing 13 million Malaysian users is currently being sold through an online forum. According to the seller, the 13 million records are from Astro, Maybank and the SPR (presumably the Election Commission).

It appears that the seller might not be a Malaysian as “SPR” and “Astro” are labelled as a “bank”. From the breakdown, the database consists of 3.5 million records from “Astro”, 1.8 million from “Maybank” and 7.2 million from “SPR”.

Looking at the sample data, the “Astro” list contains the customer’s full name, IC number, three phone numbers and full address. Meanwhile, the “Maybank” list contains the name, an undefined 12-digit number, the phone number and the full address. The “SPR” list which has the most records at 7.2 million contains the new and old IC numbers, full name, gender, address and mobile number.

Although the sample data didn’t reveal any financial data such as card numbers, usernames and passwords, the database of personal particulars could be misused for phishing and scam activities. We’ve reached out to Maybank and they told us that they have not experienced any data breach. However, they are taking the allegations seriously and are investigating if the claims are true.

Communications and Digital Minister Fahmi Fadzil has instructed both CyberSecurity Malaysia and the Department of Personal Data Protection to investigate the alleged breach and take necessary action according to the law. Besides tackling scams, protecting user data and acting on data breaches are among the top priorities of the new Minister.

This isn’t the biggest sale of personal data involving Malaysian users. Early this year, an alleged JPN database containing 22.5 million Malaysians, as well as records and eKYC selfie photos of 800,000 users allegedly obtained from the Elections commission were sold online. Former Home Affairs Minister Dato Seri Hamzah Zainudin denied that the data came from the National Registration Department (JPN) while former Defence Minister Datuk Seri Hishammudin Hussien said the data leak does not jeopardise national security.

[ SOURCE ]

Related reading

• Here’s AirAsia’s response to alleged data breach involving 5 million passengers
• iPay88 data breach: BNM instructs banks to notify affected cardholders of extra protective measures
• Report claims this Malaysian software company exposed the data of over a million people
• Personal data of over a million Malaysians might’ve been exposed online by MITI