On 19 October, news about what is believed to be one of the biggest data breaches in Malaysia was made public by a local tech news site
The article by Lowyat.net claimed that the personal data of millions of Malaysians from databases of online recruitment portals and medical associations have been leaked and were up for sale online.
The tech news site also found out that mobile phone numbers and IC number addresses were advertised on forums.
MCMC caught wind of the article and ordered the website to take down the article as a "preventive measure". The government body later claimed that it was all a "misunderstanding" and has since allowed it to be republished.
In a follow-up article yesterday, Lowyat.net "confirmed" that 46.2 million mobile numbers were leaked online
It was reported that the leak included postpaid and prepaid phone numbers, customer addresses as well as SIM card details from major telcos in the country including Digi, Celcom, Maxis, Tunetalk, Redtone, and Altel.
The website said the time stamps on the files it downloaded indicate the leaked data was last updated between May and July 2014 between the various telcos.
Lowyat.net said it also confirmed that a total of three databases belonging to the Malaysian Medical Council, Malaysian Medical Association and Malaysian Dental Association (MDA) have also been leaked.
"We are also now fairly certain that the individual who tried to sell the data two weeks back acquired the data in a similar fashion that we did, and tried to make a quick profit by attempting to sell it on our Forums," the site said.
All information pertaining to the breach was handed over to MCMC for further investigation
The authorities confirmed to NST that a thorough investigation is currently being carried out.
"We are working with the Malaysian Communications and Multimedia Commission (MCMC) as this case is quite complicated since it involves telecommunication service providers," Inspector-General of Police Tan Sri Mohamad Fuzi Harun was quoted by the English daily as saying.
Digi, Maxis, and Celcom have responded to the data breach, saying that they would assist authorities in the investigation.
Are you affected by the data breach?
As mentioned earlier, it was revealed by Lowyat.net that the data breach happened sometime between May and July 2014.
Unless you've only applied for a phone number after the said period, it's likely that your personal details have fallen into the wrong hands.
Malaysia has a population of around 32 million. This indicates the the leaked data may belong to people with multiple mobile numbers. The data could also contain older, inactive numbers and temporary ones bought by foreign nationals visiting the nation.
Here's what you can do to protect yourself from the data breach:
2. Don't respond to any suspicious calls, texts, and emails claiming to be authorities. If you're unsure, call up the relevant authorities for clarification.
3. Create complex passwords for all important accounts. Use different ones for each account is highly recommended.
4. Set up alerts for all money-related accounts. You may be able to receive notifications of suspicious purchases or those that exceed a certain dollar amount. This may give you a heads-up that you've been compromised.