The culprits behind the recent online breach in Malaysia which compromised data of nearly 46 million mobile phone subscribers have been identified. The details were revealed by the Inspector-General of Police (IGP) Tan Sri Mohamad Fuzi Harun at a press briefing recently.
The initial investigation has revealed that the leak could have happened during a data transfer with the involvement of a few insiders in an organization. According to Fuzi Harun, the firm where the miscreants worked has no part in the crime. “We have some leads pertaining to the case and we have identified those involved. Further action will be taken (against the alleged culprits).” He said. “I cannot confirm the source of the leak, but we have leads on how it happened. (It was) not (the work of a) syndicate.”
The sleuths are currently working with telephone operators to locate the source of the leak, but the motive behind the attack is yet to be established.
In late October, mobile phone numbers, identification card numbers, home addresses and SIM card data of 46.2 million customers of at least 12 Malaysian mobile phone operators were leaked on the grey market. The leak has been dubbed as the biggest breach the country has ever witnessed and may have involved the details of its entire population. But, considering the fact that Malaysian population is around 32 million, several listed mobile numbers may have been inactive or temporary phone numbers that may have been bought by foreigners who were visiting the nation.
It was also reported that the breached data also contained medical records of 81,309 persons that were stored in the databases of Malaysian Medical Council, the Malaysian Medical Association, and the Malaysian Dental Association.
The hack was first reported by Malaysian news site Lowyat.net. The site’s founder Vijandren Ramadass in an interaction with The Star stated that all the information was handed over to the Malaysian Communications and Multimedia Commission (MCMC). According to him, “Telcos need to admit that this breach actually happened and should inform all their customers what should be done.”
The initial investigation had revealed that the staff managing the date might have been negligent. Another startling revelation was that most victims found their MyKad numbers (a unique national registration identity card number) linked to unknown mobile phones. They found it on a verification website called sayakenahack.com. According to reports, nearly 50,000 Malaysians checked to see if their information was leaked during the breach.