It looks like we will end 2022 with another incident of Malaysian user data being stolen and then sold on the black market. This time around 13 million user data that is said to come from Astro, Maybank and SPR has been offered openly on a site that is often used as a place to buy and sell hacked databases.
In the samples we saw, the leaked information was full name, MyKad number, full residential address and phone number. All of this is very sensitive data as it can be used for identity fraud. This incident has already received the attention of Digital Communications Minister Fahmi Fadzil this morning with instructions given to CyberSecurity Malaysia and the Personal Data Protection Department so that action is taken.
As this is not the first or second or third time that millions of Malaysian users' data has been sold to the web arena this year, it makes public trust in online services even more shaky. This stolen data will then be used to commit online fraud such as the existence of arrest warrants, IRB arrears and supposedly having a family member currently in custody.
The time has come for the government to be more serious about this problem that has been going on for a long time because so far it has had a big impact on users, but the parties entrusted with holding user data have not been subject to strict action so far.