It has been reported that over 46 million Malaysians have been affected by a severe and wide-ranging data breach, mostly stolen from Malaysian telecoms companies, but also including some 80,000 medical records. More information below:
Commenting on this news is Mark James, Security Specialistat ESET and Lee Munson, Security Researcher at Compartiech.com:
Mark James, Security Specialist at ESET :
“As usual with this type of stolen data, the concern is what it’s going to be used for. When a user is presented with data that has a certain amount of truth, or even data that is of a known personal nature, then the chances of a successful phishing or scam attack are significantly higher. The user can immediately relate to the data and would in most cases follow any instructions that may be within an email, or even through a personal phone call; because in most cases we have no control over what is stored about us online, we have no choice but to comply. If we want the benefits of connected services and the ability for medical organisations to have all the info at hand in case of emergency, in most cases they have to have our most private details.
Sadly, we have no control over their resources used in securing this data, so there is nothing we can do when its goes missing except be more vigilant when approached by others. Don’t be afraid to double check phone calls and emails out of the blue when you have not requested a contact, it usually costs nothing to be extra safe and most companies would encourage it.”
Lee Munson, Security Researcher at Comparitech.com:
“Data breaches are becoming both more frequent and much larger in size so the news that millions of Malaysians may have been caught up in the country’s biggest ever information grab is not that surprising.
That the data may have come from multiple different sources, albeit primarily telecoms companies, is interesting as it would suggest the hacker, or hackers, behind the masses of personal data for sale have either been gathering it for some time from multiple sources, or a number of companies have been involved in the illicit sale of personal information.
Given the nation’s previous for internet security, the former is more likely, though that’s hardly comforting for the tens of millions of people potentially affected.
Quite how the victims of this alleged crime will recover remains unclear until the scope of the breach and validity of the information available for sale are confirmed.”