Just two weeks ago, people were talking about sayakenahack.com, a site set up by tech blogger Keith Rozario for people to check if their personal data had been compromised. Hours after the website went up, the Malaysian Communications and Multimedia Commission (MCMC) blocked the site, following a formal request from the Data Privacy Protection Department, according to a report by Free Malaysia Today.
Yesterday, Malaysiakini’s special report revealed that personal data stolen from telcos was intended for MCMC’s system to deter mobile phone theft, however, the Deputy Communications and Multimedia Minster Jailani Johari said in Parliament that it was premature to point fingers, the portal reported.
While all of this information may be a little mind-boggling, here are 3 things that you need to know about this data breach.
1. The breach was made known last month
On Oct 19, Lowyat.net reported “one of the country’s biggest data breaches in history” after the portal received a tip-off that a large database of personal details belonging to Malaysians were being sold on the Lowyat Forums. While the portal brushed off the claims, a little digging revealed that millions of personal data were on sale, including information from telcos, governmental departments, and associations. The data is said to have been obtained between 2012 and 2013, which includes non-residents of Malaysia.
2. Data was intended for a company outsourced by MCMC
The telco database was compiled for the Public Cellular Blocking Service (PCBS), which was launched by MCMC in Feb 2014 for the purpose of blocking stolen phones from making calls, texting or accessing the internet. However, PCBS was not managed by MCMC but outsourced to a private firm – Nuemera Sdn. Bhd. The police are also investigating the company over the data leak.
In 2014, the telcos sent notices to their customers that their personal data will be released to the Malaysian Central Equipment Identity Register (MCEIR) .
3. Police are tracking an email linked to the data breach
As part of the investigation to get to the bottom of the data breach, the police have managed to zero in on an e-mail account that could shed light to the investigation and the breach of mobile subscription data however, IGP Mohamad Fuzi Harun said the owner of the account has not been found yet, according to a New Straits Times report. The data breach was also traced to an IP address in Oman. He also said that it was possible the breach took place a company’s staff members “tasked with transferring the data took advantage of the situation.
While there currently isn’t a way for you to check if your personal data has been compromised, you can still check if you’ve been affected via haveibeenpwned.com. For a comprehensive breakdown on the data breach, check out Malaysiakini’s guide.