Critical Infrastructure Security
,
Cybercrime
,
Fraud Management & Cybercrime
Maybank – Country’s Largest Institution – Denies Data Breach
Malayasian Communications and Digital Minister Fahmi Fadzil ordered an inquiry into an alleged massive data breach affecting around 13 million citizens. The leaks reportedly involve data from Maybank, satellite broadcaster Astro and the Election Commission.
See Also: OnDemand | Understanding Human Behavior: Tackling Retail’s ATO & Fraud Prevention Challenge
Fadzil ordered the national cyber security specialist agency CyberSecurity Malaysia and the Malaysian Personal Data Protection Department to investigate whether there is a data leak involving the parties concerned and take legal action.
On Saturday, Malaysia’s largest financial services group Maybank denied the alleged claim of a customer data breach. It said, “After investigation, it confirms that these accusations are false.”
“We would like to reassure you that your data remains secure [and] private and that no customer data has been compromised. We will continue to prioritize our cyber security measures as customer data protection is of the utmost importance to us,” the bank said. https://twitter.com/MyMaybank/status/1609089839579951105
The leak came to light after a Facebook user by the name Pendakwah Teknologi tagged Fadzil and shared details about the data leak.
He shared screenshots of the data available in the breach forum including information like username, name and surname, date of birth, address and identity numbers.
The alleged post on the breach forum was made on December 25, 2022, that said:
- 3.5 million Astro information leaked;
- 1.8 million MAYBANK information leaked;
- 7.2 million SPR information leaked.
In response to Pendakwah Teknologi’s post, Fadzil said, “This is a serious alleged leak, involving a large amount of data. I will ask CyberSecurity Malaysia, the Malaysian Personal Data Protection Department to investigate whether there is a data leak involving the parties concerned, and take legal action.”
The leak was first uncovered by the ThreatMon, a cyberthreat intelligence platform on December 26, 2022.
Investigation Uncovered
Fadzil on Friday said that the Ministry of Communications and Digital, through the Personal Data Protection Department in collaboration with CyberSecurity Malaysia is seeking feedback from Maybank and Astro to ensure the legitimacy of data ownership.
The investigation uncovered the Maybank account number information on the website in question was invalid or non-existent. The minister said that the alleged data leak might be in reference to an incident that occurred in 2018.
“Official confirmation from the relevant parties is required for the purpose of a detailed investigation under the Personal Data Protection Act 2010 (Act 709),” Fadzil said.
Regarding the data involving the Election Commission, Fadzil said that the investigation findings will be submitted to the National Cyber Security Agency for further action since it is outside the jurisdiction of Act 709.
Additionally, the minister also announced that they have submitted a restriction notice to the Malaysian Communications and Multimedia Commission to prevent the public from accessing the alleged website, where the data has been posted.