Malaysian telco provider has data breach – again

• Malaysia’s TM suffers another data breach. 
• Telco company claims data compromised is mostly “old data.”
• Old data can still have a strong value on the dark web. 

Another day, another Malaysian organization experiences a data breach. Everyone knows about the flaws and weaknesses in Malaysia’s cybersecurity laws. While the government is working on a new law to deal with this issue, businesses need to ensure they are well-prepared to deal with breaches.

While most companies in Malaysia continue to invest in improving their cybersecurity, they also need to be aware of how their company and customer data is being used, stored and disposed of. Malaysia already has several regulations on how personal data should be managed. However, the implementation of the law has still failed to boost some industries to take the matter seriously.

According to a report by Surfshark, a cybersecurity company, Malaysia was ranked as the eighth most breached country in Q3 2023, with 494,699 leaked accounts. The breach rate was 144% higher in Q3 2023 than it was in Q2 2023, and around four Malaysian user accounts were leaked every minute in Q3 2023.

Just taking a look at the recent cybersecurity incidents in the country, most of the data breaches are caused by ransomware attacks or systems that were simply not secured enough.

Major cybersecurity incidents in Malaysia in the past 24 months include:

• In December 2022, a hacker claimed to have the personal information of 13 million voters from the Election Commission, as well as customers of Maybank and Astro. The stolen data was posted on an online database marketplace, where the seller asked for direct messages through Telegram or the forum’s messaging features to complete the sale.
• In November 2023, a hacker claimed to have a 2022 database of 487 million WhatsApp user mobile numbers, of which 11 million were from Malaysia. The leak included accounts from 84 countries and was sold on a hacking community forum.
• In September 2023, Malaysia recorded its highest number of data breach cases, with an all-time high of 15 reported cases a week involving mainly ransomware attacks. The situation sparked concern over related cybercrimes and phone scams, which have led to millions of ringgit losses annually.
• iPay88, a payment gateway provider in Malaysia, suffered a data breach in May 2022 that potentially compromised customers’ card data. Since then, iPay88 has been working with cybersecurity experts to investigate and contain the breach.
• AirAsia was the subject of alleged data leak claims in November 2022, as confirmed by the Malaysian government and various news sources. The hacker group Daixin Team claimed responsibility for the attack, which compromised the personal data of five million passengers and all employees of AirAsia. The ransomware attack was on redundant systems, and AirAsia has launched an investigation into the alleged data breach.

 TM suffers data breach again

 The Star reported that customer data from Telekom Malaysia (TM) has made its way to the dark web forum. The report stated that a user claimed that he had stolen the complete customer database of the telco company.

The user claims that the data contains nearly 200 million entries, with “nearly 20 million effective user data.” Additionally, the user provided screenshots purporting to be the company’s customer database architecture documentation, with 161 pages outlining the structure, design, and functionality of the company’s customer database system.

This is not the first time TM has experienced a data breach. In 2023, TM confirmed a data breach involving historical Unifi customers’ personal information such as name, national identification/passport number, and contact details. In 2022, TM found 250,248 Unifi Mobile customers to be affected by a data breach, constituting both individual customers and SMEs. The type of data that was breached involved customer names, phone numbers and emails.

The Star also reported that TM released a statement claiming that it had received a ransom note recently, which had prompted “an immediate and thorough investigation to verify these claims.”

It claims that its investigation has shown “that the alleged materials are pre-processed, recycled and dated. Nonetheless, we are treating the situation with the utmost seriousness and are dedicated to resolving this issue with high urgency,” it said.

It also said that it has engaged the relevant authorities, lodged a police report, and is continuously fortifying its cyberdefenses and bolstering its resilience against such threats.

Data breaches impact all data

Here’s where it gets concerning. Despite the data being old and outdated, the information can still be compromised by cybercriminals. In fact, some cybercriminals are hacking encrypted data now so they can decrypt them in the future. Such is the value of data  – which businesses need to take more seriously.

For TM, suggesting that the data is “pre-processed, recycled and dated” may just lead to more concerning situations in the future. Here are several ways cybercriminals can still use old data:

• Identity theft: Old data can contain personal information that can be used to impersonate someone or access their accounts. For example, a cybercriminal can use an old email address and password to log in to a social media account and post malicious content or scam messages.
• Fraud: Old data can contain financial information that can be used to make unauthorized transactions or purchases. For example, a cybercriminal can use an old credit card number and expiry date to buy goods or services online.
• Blackmail: Old data can contain sensitive or embarrassing information that can be used to extort money or favors from the victim. For example, a cybercriminal can use an old photo or video to threaten to expose it to the public or the victim’s contacts.
• Phishing: Old data can contain contact information that can be used to send fake or malicious emails or messages to the victim or their acquaintances. For example, a cybercriminal can use an old phone number to send a text message claiming to be from a bank or a government agency and asking for personal or financial details.

At the same time, old data can be compromised by cybercriminals in various ways, such as:

• Data breaches: Cybercriminals can hack into online platforms or databases and steal old data that has not been deleted or secured properly. For example, in 2021, a hacker leaked the personal data of 533 million Facebook users from a 2019 breach.
• Malware infections: Cybercriminals can infect computers or devices with malicious software that can access and transmit old data stored on them. In 2021, a ransomware attack on Colonial Pipeline disrupted the supply of fuel in the US and exposed old data of the company’s customers.
• Phishing attacks: Cybercriminals can trick users into clicking on malicious links or attachments that can download malware or redirect them to fake websites that can capture their old data. For example, a phishing campaign in 2020 targeted Netflix users and asked them to update their payment details on a spoofed website.

As such, businesses need to be sure of how they use and store their data. At the end of the day, any form of data breach involving any type of data should not be taken lightly.

---

---

---

---