Kuala Lumpur (Reuters): Malaysia is investigating an alleged attempt to sell the data of more than 46 million mobile phone subscribers online, in what appears to be one of the largest leaks of customer data in Asia.
The massive data breach, believed to affect almost the entire population of Malaysia, was first reported last month by Lowyat.net, a local technology news website. The website said it had received a tip-off that someone was trying to sell huge databases of personal information on its forums.
The country’s internet regulator, the Malaysian Communications and Multimedia Commission (MCMC), was looking into the matter with the police, Communications and Multimedia Minister Salleh Said Keruak said on Wednesday.
“We have identified several potential sources of the leak and we should be able to complete the probe soon,” Salleh told reporters at parliament.
The leaked data included lists of mobile phone numbers, identification card numbers, home addresses, and SIM card data of 46.2 million customers from at least 12 Malaysian mobile phone and mobile virtual network operators (MVNO).
Cybersecurity researchers said the leaked data was extensive enough to allow criminals to create fraudulent identities to make online purchases.
Justin Lie, CEO of Cashshield, a Singapore-based anti-fraud company, compared the Malaysian case in its “degree of complexity” to the cyber attack on U.S. credit-scoring agency Equifax Inc, which said in September that cyber criminals had stolen sensitive information from 145.5 million people.
“Now these hackers have more quality information such as birth dates, IC numbers, mobile numbers, email address and passwords,” Lie said about the Malaysian attack.