The Malaysian Communications and Multimedia Commission (MCMC) says it’s awaiting for further orders and additional information from UiTM over the alleged data leak. - Reuters

KUALA LUMPUR: The Malaysian Communications and Multimedia Commission (MCMC) is awaiting further information from Universiti Teknologi Mara (UiTM) to assist in a probe into alleged leak of personal data of its over a million students.

The commission’s monitoring and enforcement division head Datuk Mohd Shafie Harun said this was necessary before they could receive further directives over the matter.

He noted however that the issue of leak of personal information does not fall under its jurisdiction as the commission is only tasked with providing technical assistance with regards to any related investigation.

“We are awaiting for further orders and additional information from UiTM. At the moment, (what the commission is aware of is from) media reports. We are still waiting for a report from the relevant parties.

“(Leak of) personal data does not fall under MCMC as we only provide technical assistance.

“The matter (involving UiTM’s data leak) is handled by Personal Data Protection Department, an agency under the (Communications and Multimedia) Ministry,” he said when contacted today.

Yesterday, UiTM vice-chancellor Professor Emeritus Datuk Dr Hassan Said was reported saying that the university would look into claims that over a million of its students’ personal data had been leaked online.

He noted however that the screenshot published by online portal Lowyat.net - which raised the allegation - did not match the format used by UiTM’s systems.

“This shows that the information has been processed and manipulated by unscrupulous parties which also confirms that the information has not been generated straight from the UiTM system but as a result of hacking.

“Hence, UiTM believes the system is still sound, safe and reliable,” he said.

In its website on Friday, Lowyat.net published an article over the alleged data leak, citing anonymous sources which claimed that the data was “obtained by exploiting an online security flaw.”

The tech portal cited these sources alleging that the data breach took place between February and March last year.

Lowyat.net suggested that “we are fairly certain that the database did not originate from any of UiTM’s online services.”

The report said that the records of 1,164,540 students –mainly those who enrolled between 2000 and 2018 – had been compromised.