The Ministry of Communications and Digital (KKD) has issued a statement following the alleged data breach which claimed to be originated from Maybank, Astro and the Election Commission. Based on initial findings, Fahmi Fadzil revealed that the so-called 12-digit numbers in the alleged leaked Maybank database are invalid account numbers. Transactions are not possible with invalid or non-existent account numbers.
Fahmi added that investigations revealed that the data could potentially come from a previous data breach incident that took place sometime in 2018. However, they are still awaiting official confirmation from the relevant parties as part of the ongoing investigation under the Personal Data Protection Act 2010 [Act 709].
The Ministry through the Personal Data Protection Department with the support of CyberSecurity Malaysia is still awaiting feedback from both Maybank and Astro about the alleged data breach and the validity of the data. Meanwhile, the investigation of the alleged data leak from the Election Commission has been handed over to National Cyber Security Agency (NACSA) for further action as it is beyond the jurisdiction of Act 709.
The Malaysian Communications and Multimedia Commission (MCMC) has been instructed to block the website which offered the database from public access. Fahmi has also reminded all data users to ensure a high level of cybersecurity and to adhere to the principles and standards of personal data protection in accordance with Act 709.
Personal data protection is a key issue I want to tackle. I will be sitting down with the Personal Data Protection Department (JPDP) next week to go through proposed amendments to Akta 709. https://t.co/e8sOmY6eOO
— Fahmi Fadzil 🇲🇾 (@fahmi_fadzil) December 30, 2022
Fahmi has reiterated that personal data protection is a key issue he wants to tackle. He will be sitting down with the Personal Data Protection Department next week to go through proposed amendments to Act 709.
Following the news about a potential data breach, both Maybank and Astro have issued statements denying that their systems have been compromised. They have also said that they have taken the necessary security measures to protect the data of their customers.
However, Telekom Malaysia has just confirmed a recent data breach incident which involves approximately 250,000 Unifi Mobile customers. The leaked data involves customer names, phone numbers, emails and what appears to be reload amounts for Unifi Mobile Bebas prepaid. TM says they have taken necessary steps to minimise the potential impact and affected customers are being notified.
Related reading
- TM confirms data breach involving 250,000 Unifi Mobile customers
- Astro denies customer information leaked amidst data leak allegations
- Maybank investigates data leak allegations, no data breach detected so far
- Database of 13 million Malaysians allegedly obtained from Maybank, Astro and SPR is sold online