igor - Fotolia

Malaysian regulator and firm sued over data breach

The Malaysian Communications and Multimedia Commission and a local company have been caught in a civil lawsuit over a massive data breach reported last year

The Malaysian Communications and Multimedia Commission (MCMC) and a local firm have been sued for the massive data breach involving the personal data of more than 46 million mobile phone users in the country.

According to the Malay Mail, the civil lawsuit was filed by Fahmi Fadzil, an activist and communications director of Malaysian political party Parti Keadilan Rakyat, who told local media that the “breach questions the fidelity and integrity of the safety mechanism in place to protect our personal data and those who are responsible for it”.

“In this digital era, our personal information has become the basis of our day to day transactions. The public needs to know that they can trust and feel confident about the institutions and parties that are entrusted of such duties, can stay true to their responsibilities,” he said.

Noting that there had not been any arrests made so far and that the data breach was of public interest, Fadzil hoped that the lawsuit would shed light on how the breach occurred and the measures taken to contain the breach.  

Apart from the MCMC, Nuemera Sdn Bhd, the company tasked with running the Public Cellular Blocking Service (PCBS) that lets cellphone users block the use of lost or stolen devices even with a different SIM card, was also named in the lawsuit.

The PCBS was believed to be one of the rightful recipients – apart from the MCMC – of the data that was compiled by Malaysian telcos, according to online news portal Malaysiakini.

The data breach first came to light on 18 October 2017, when technology news website Lowyat.com was alerted to databases containing the leaked data that had been put up for sale on its online forums.

Based on the dates in the data, the breach was likely to have occurred between 2014 and 2015. It was uncertain how the breach occurred, though MCMC officials had met with the affected telcos to seek their cooperation.

Read more about cyber security in ASEAN

  • Cyber resilience remains low across Southeast Asia, a regional economic powerhouse that is increasingly susceptible to cyber threats as its digital economy grows.
  • Singapore’s Ministry of Defence is getting white hat hackers to identify loopholes in its internet-facing IT systems in the country’s first government-led bug bounty programme.
  • Coordination is vital to ensure that Southeast Asia’s cyber security efforts are focused, effective and in synergy with one another, said ministers and senior officials at a recent cyber security event in Singapore.
  • The Malaysian government will work with Chinese technology giant Huawei to deepen its capabilities in combatting cyber threats.

The leaked data also included the personal information of users of job portal Jobstreet.com, as well as a slew of medical organisations such as the Malaysian Medical Council and the Malaysian Dental Association.

In November 2017, Malaysian authorities said they had identified those involved with the leak, which was traced to an IP address in Oman. Noting that it was a complicated case, investigators had told the New Straits Times that it was not easy to arrest the perpetrators.

Read more on Hackers and cybercrime prevention

Data Center
Data Management