Top 5 data breach incidents in Southeast Asia in 2022

• Investigation underway on Maybank, Astro, and EC data leak claim.
• Malaysia sees a decline in the percentage of data breaches it experienced, at -77%, despite the numerous data breach instances.

Southeast Asia has seen several significant data breaches in recent years, affecting many industries, including government, healthcare, and financial services. The region is home to a rapidly growing population of internet users, accelerating digital transformation. As a result, it has become a target for cybercriminals looking to steal sensitive information and disrupt online services.

A data leak claim involving Maybank, Astro and EC is the latest to be probed. Cybersecurity Malaysia (CSM) and the Department of Personal Data Protection (JPDP) have been asked to look into the alleged data leak affecting approximately 13 million Malaysians that was widely discussed on social media during the last week of 2022.

According to the Minister of Communications and Digital Fahmi Fadzil, the breach was severe because a lot of material was implicated. He shared a Facebook post by user “Pendakwah Teknologi”, who claimed that the Maybank, Astro, and Election Commission (EC) websites had exposed user data on over 13 million Malaysians. According to the post, a website included information on 7.2 million voters, 1.8 million Maybank customers, and 3.5 million Astro subscribers.

“This is a serious allegation, involving a large amount of data,” said Fadzil on Twitter. “I will ask CyberSecurity Malaysia, JPDP to investigate whether it is true that there has been a data leak involving the parties concerned, and take action based on the law.”

This incident isn’t surprising for Malaysia since a recent study by Surfshark placed Malaysia as the eleventh most breached country in the second quarter of 2022. The study also stated that 665,200 Malaysians have been breached from April to June 2022.

Who suffered the most this year?

Malaysia isn’t the only country in the ASEAN region with severe data breach incidents. The following is a list of some of this year’s biggest data breaches in Southeast Asia:

AirAsia data breach.

The “Daixin Team” allegedly launched a ransomware attack against the AirAsia Group. The threat group claimed to have gotten the personal data of all staff and 5 million unique passengers, according to DataBreaches.net. This data includes their name, birthdate, nationality, place of birth, and response to their “secret question.”

Fadzil urged all data users to continuously check and enhance various aspects of cyber security by making sure that system infrastructure, databases, and networks are secure and up to date.

Malaysia’s National Registration Department data breach

Someone advertised the sale of a database containing the personal information of 22.5 million Malaysians, which they claimed to have gotten through JPN’s MyIdentity API. According to the 160 gigabytes database, all Malaysian adults born between 1940 and 2004 are included. The transaction was advertised on a website serving as a data leak market. The seller claims to be the same person or organization responsible for selling data concerning four million Malaysians last year.

Philippines COMELEC data breach

The Commission on Elections (COMELEC) for the Republic of the Philippines’ security systems was breached by a hacker group, exposing 60 terabytes of private voter information.

The depth of this data could enable cybercriminals to map the whole internal workings of the Philippine voting system. Essentially opening the door to much more destructive follow-up strikes on a national security level.

Bjorka, the SIM card hacker

A hacker named Bjorka listed 1.3 billion profiles of Indonesian SIM card registrations for sale. The number is more than the total population, but it’s common to have more than one phone number in the country. The hacker also showed how weak Indonesia’s cybersecurity infrastructure is.

The hacker previously exposed a log of private communications between the President and the State Intelligence Agency. Additionally, they released well-known political personalities’ contact information and vaccination numbers.

Famous Vietnamese school website data breach

One of the biggest recent breaches occurred in Vietnam. The hacker attacked a “famous Vietnamese school website,” claiming to have taken 30 million records containing full names, emails, phone numbers, birthdays, grades, schools, and locations.

The data was placed up for sale by the hacker, who demanded US$ 3,500. Given that 30 million people make up approximately one-third of Vietnam’s population, the hacker said that the database is extremely useful.

The state of data breach incidents in Southeast Asia as of now…

These data breaches demonstrate the importance of strong cybersecurity measures to protect against data breaches and the potential consequences of failure to protect sensitive information.

According to the most recent global data breach statistics from Surfshark, Malaysia is experiencing a drop in percentage in the number of data breaches they suffered, with -77%. Malaysia is not the only country in Asia seeing a decline; Japan and South Korea both had drops of -81% and -77%, respectively.

Unfortunately, none of the other nations on this list, including Vietnam, Indonesia, and the Philippines, experienced a decline. According to the statistics, Vietnam had a 436% spike in data breaches, followed by the Philippines with 239% and Indonesia with 1368%.

Individuals and organizations must take precautions to protect themselves. Governments and regulatory authorities must implement strict rules and regulations to hold companies accountable when they fail to protect sensitive data.

---

---

---

---