Massive Malaysia data breach traced to Oman, police chief says

The breach appears to be one of the largest leaks of customer data in Asia, and has alarmed many people in Malaysia, whose total population is 32 million.
The breach appears to be one of the largest leaks of customer data in Asia, and has alarmed many people in Malaysia, whose total population is 32 million.PHOTO: REUTERS

KUALA LUMPUR - Malaysian authorities investigating a massive online breach of data involving 46 million mobile phone users have traced the leak to an Internet Protocol address in Oman, New Straits Times on Saturday quoted the police chief as saying.

Inspector-General of Police Mohamad Fuzi Harun said the team, comprising police and internet regulator Malaysian Communications and Multimedia Commission (MCMC), had some leads and those involved had been identified.

But there have been no arrests so far.

"Not yet... it is not easy as it is a complicated case. However, investigations are ongoing," he told NST.

He did not say how investigators had traced the breach to the Arabian peninsula, or what would be the next steps to be taken.

The data breach involves the personal details of tens of millions of Malaysians in a 2014 breach. The data was at one point being put up for sale online.

The breach appears to be one of the largest leaks of customer data in Asia, and has alarmed many people in Malaysia, whose total population is 32 million.

Cybersecurity experts have said the leaks could allow criminals to create fraudulent identities to make online purchases, as they included lists of mobile phone numbers, identification card numbers, home addresses, and SIM card data of 46.2 million customers.

The data also contained personal data from some medical associations and a jobs portal.

Tan Sri Fuzi, asked if Malaysian telecommunications companies had been excluded from the list of suspects, said it was too early to make a conclusion.

He had said on Thursday that the data breach could have taken place during a data transfer, when several "crooked employees of a company" took advantage of the situation.

"I can assure that no syndicates are involved with the case. We believe the company itself is not involved in the crime," he was quoted as saying by The Sun Daily newspaper.

The MCMC has said it has met with local telecommunications companies to cooperate in the investigation.

Online forum Lowyat.net, which raised the alarm over the issue last month, claimed on Monday that the data was sold for an undisclosed amount using digital currency Bitcoin.