KUALA LUMPUR: Authorities are probing a report that claims databases containing personal data of millions of Malaysians’ were up for sale.
The report, titled “Personal data of millions of Malaysians up for sale, sources of breach still unknown,” was published yesterday on a forum Lowyat.net.
The report was removed about two hours after it was published following Malaysian Communications and Multimedia Commission (MCMC)’s request.
The commission in a statement said they are working with the police to investigate the claims.
“MCMC and police are investigating reports that there were advertisements of the personal data up on sale, suspected to be obtained illegally.
“As a preventive measure, the MCMC had ordered the administration of Lowyat.net website to remove the article. The website administrator had removed the advertisement and the said article,” the statement read.
The commission urged all parties not to make any speculations until the investigation has been completed.
It was reported the Lowyat.net had claimed it received a tip-off that someone was selling huge databases of personal details belonging to Malaysians, in what they called was one of the country's biggest data breaches in history.
Among the data on sale was 50 million entries of data from various telcos. The databases from the telcos allegedly includes customer names, billing addresses, mobile phone numbers, sim card numbers, handset models and MyKad numbers of customers. The technology portal believed the data breach had taken place from 2012 to 2015.
Other than personal data from telcos, 17 million rows of customer information were allegedly from a job portal which comprised of candidate's name, login name, hashed password, email address, nationality, address and mobile phone number. The data were believed to have been obtained between 2012 and 2013.
The portal also claimed there were two sets of 20,000 and 62,000 data of doctors respectively, obtained from medical associations and 720,000 entries of housing loan applications.
The doctors' data included MyKad numbers, operating address and mobile numbers while the housing loan application data contained information such as name, MyKad number, contact number, email address, blacklist status, address, job, employer details, salary and spouse's details.
Since the original article was removed, the website administrator had replaced the page with the message stating: "MCMC has requested the removal of this article. We are still awaiting an official statement from them".
The article had sparked anger among netizens, with many people saying this could be the reasons behind the continuous calls and spam emails from telemarketing companies.