Massive data leak allegedly occurred when some staff of a particular company stole the information during a data transfer process.
- Expect a surge of calls from telemarketers and scammers
- Don’t entertain unknown callers – just end the call
Good online security practices:
- Refrain from sharing personal information online
- Only login to trusted websites
- Change password for online accounts more often
- Use strong password
- Be careful of email attachments, pop-ups, information shared on social media
- Keep anti-virus updated
Investigators probing into the massive online breach of information of more than 46.2 million mobile phone subscribers in Malaysia have traced the leak to an Internet Protocol (IP) address in Oman.
Inspector-General of Police Tan Sri Mohamad Fuzi Harun said the team, comprising police and Malaysian Communications and Multimedia Commission (MCMC) officers, traced the data leak to an IP address in Oman.
He said it was a complicated case but gave his assurance that investigations were ongoing.
Asked if the police had made any arrests, Fuzi said there was none so far.
“Not yet… it is not easy as it is a complicated case. However, investigations are ongoing,” he told the New Straits Times.
When asked if telecommunications companies had been excluded from the list of suspects, Fuzi said it was too early to conclude on the matter.
On Nov 16, Fuzi said investigators had some leads pertaining to the case and those involved had been identified.
“The leak of data is said to have occurred during a particular company’s data transfer process, where some of the staff could have taken advantage of the situation and gained the information,” Fuzi said.
He said that investigators will also continue to meet with affected cellular providers to gain more details about the source who leaked the data online.
“We are also working to establish the motive behind the leak,” Fuzi added.
Last month, tech news portal Lowyat.net reported that 46.2 million mobile numbers from virtually all Malaysia cellular service providers had been stolen and made available for sale online.
Several databases belonging to the Malaysian Medical Council, the Malaysian Medical Association and the Malaysian Dental Association and involving the private information of more than 80,000 people were also reportedly compromised.
On a separate case involving CIMB Bank’s loss of storage tapes holding backups of client information, the IGP said investigations were proceeding but preliminary findings suggest the incident was the result of negligence.
On Nov 8, CIMB said several magnetic tapes containing backup data were lost in transit during routine operations.
Some of the tapes contained information on the customers of CIMB Bank and its subsidiaries.
CIMB Group Holdings Bhd has heightened security measures across all channels since the incident.
Meanwhile, cybersecurity experts have advised the public not to entertain calls from unknown callers such as telemarketers or scammers asking for personal data.
IT security consultant Fong Choong Fook, who is also an executive director at cybersecurity firm LE Global Services, said there would be a surge of calls made by telemarketers and scammers, the New Straits Times reported.
“Although the leaked data cannot be used to apply for loans and credit cards, it, however, can be used for other purposes such as scamming and telemarketing.
“Unlike phone number, we cannot change our identification card number. It is important not to further reveal your confidential information such as bank account number or just simply do not entertain the call,” Fong was quoted as saying.
Akati Consulting Group chief executive officer Krishna Rajagopal reportedly said that although the leaked data may seem trivial, the information could be used against other entities such as financial institutions to obtain valuable information that gives fraudsters in the black market a treasure trove of information about people’s personal and financial lives.
Rajagopal, whose company specialises in cybersecurity, said that the massive data breach should not be brushed under the carpet and proper forensic investigation should be done and its root cause should be uncovered.
“Its findings should be shared with the general public as a means to build back public confidence on the sector as well as its related organisations,” Rajagopal was quoted as saying.
According to Universiti Kebangsaan Malaysia (UKM) Information Technology Centre deputy director Dr Mohd Rosmadi Mokhtar, consumers should focus on good security practices while going online such as refraining from posting personal information.
“They should keep their anti-virus updated, only login on trusted websites, be careful with email attachment and pop-ups as well as information that they shared on social media.
“Change your password for online accounts more often or use strong password,” Rosmadi advised.
Celcom Axiata Berhad said in a statement that there is no fear that the leaked data could be used for SIM cloning.
“We wish to reassure our customers that whatever information that we have come across so far in relation to the reported incident, is insufficient for any parties to clone a SIM card.
“Celcom advises its customers to take precautions, stay vigilant online and to refrain from entering their personal information onto any suspicious or unauthorised websites.”