Malaysia’s latest mass data breach could mean fewer organ donors
MALAYSIA has been struck by yet another massive data breach, and this time it involves organ donors.
Already a country with one of the lowest percentages of pledged organ donors in the world, the Southeast Asian country has found that files containing complete details of over 220,000 donors have been leaked online as early as September 2016.
According to popular tech online forum Lowyat.net, the leaked data contains registration information from government hospitals and Transplant Resource Centers across the country.
The site says the collection of data could only mean that it was leaked from a central database.
“While the total number of records of this leak is nowhere near the massive amounts of data leaked in the mobile telco data breach that we reported back in October 2017, this leak contains one very serious implication where it reveals personal information of a nominated next-of-kin.” the forum said.
“This doubles up the actual number of records leaked to 440,000, and also links two individuals to each other in a binding relationship — whether it may be husband/wife, siblings or parental.”
The latest leak unleashes fear of a decline in organ donors over concerns of harassment and malicious social engineering attacks against potential victims.
Data breach: Is MCMC sleeping on the job? https://t.co/OBA4S84z3D
— Lawyers for Liberty (@lawyers4liberty) January 24, 2018
A prominent Malaysian lawyer was quick to criticise the government for its apparent failure in ensuring safeguards on the sensitive data.
Eric Paulsen claims the country’s regulatory body, the Malaysian Communications and Multimedia Commission (MCMC) have proven to be “hopelessly incompetent” and ineffectual in addressing the biggest personal data breach in Malaysia’s history, where 46.2 million mobile phone users were affected.
“Questions surely must be asked regarding MCMC’s role in this massive data breaches and whether they have been sleeping on the job. What [has] MCMC done to ensure the personal data stored on public and commercial websites are secured? Did these websites and MCMC know about the breaches earlier but failed to inform the public or their customers?” Paulsen asked in a statement, as quoted in Berita Daily.