Uncovering Malaysia's Top Data Breaches of 2022

Data breaches are one of the most significant threats facing businesses today, particularly in Malaysia, where the number of data breach cases continues to rise. From large corporations to small and medium-sized enterprises, businesses of all sizes must take steps to protect sensitive information from being stolen or misused.

Data Breach Cases In Malaysia In 2022 & 2021

Multiple Malaysian companies experienced data breaches in 2022, putting personal information at risk. Here are a few examples:

An airline suffered a ransomware attack by a group called Daixin, putting the personal information such as names, email addresses, and phone numbers of 5 million passengers at risk. The company detected unauthorized access to its servers on November 12th and is working with the Communications Ministry to track the perpetrators. Daixin admitted to the attack and stated their dissatisfaction with the airline and their lack of standards.

A government agency experienced a data breach resulting in the exposure of registered voters’ MyKad numbers, names, emails, passwords, and addresses, as well as their pictures and identity card numbers. The stolen information is being sold for $2,000 in cryptocurrency.

Millions of personal data belonging to a government agency were found for sale online for a mere US$10,000 (RM44,095). The data was claimed to contain the details of all individuals born in Malaysia from 1940 to 2004. The 160GB database includes full names, ID card numbers, addresses, dates of birth, genders, races, religions, mobile numbers, and Base54-based photos. Even the details of a minister were posted as proof of authenticity.

Personal information of three million vaccine recipients was stolen by an unauthorized account for vaccine administration under the MyVAS system. This data breach affected millions of users, making it one of the biggest data breaches in Malaysia in 2021.

A telecommunications company faced a data breach in Dec 2022, affecting the contact information of 250,248 customers. The breach involved customer names, phone numbers, and emails, and the affected customers were notified.

A data breach on an e-commerce platform affected 2.6 million users from Malaysia and Singapore. The hackers stole account information, including names, emails, and phone numbers, and sold it for $1,000. A bug caused the breach in a third-party’s system migration. The platform has advised affected users to be cautious of phishing attempts and not to share their passwords.

A widely used e-payslip system experienced a data breach where a group of hackers, claiming to be a ‘grey hat’ cyber security organization, accessed over a million rows of identities in the system’s database. The breached data includes government employee’s MyKad number, rank, department, payslip numbers, email address, and mobile phone number. The group also extracted almost two million payslips and tax forms in PDF format with a total file size of 188.75GB.

A Malaysian payment gateway company suffered a cybersecurity incident that resulted in customers’ card data being compromised. The company promptly initiated an investigation and brought in relevant experts to contain the issue after discovering it on May 21. As a result, a prepaid card provider then offered free replacement cards to those affected by the breach.

Top Common Type Of Data Stolen
Cybercriminals are constantly seeking out vulnerabilities in computer systems, networks, and software applications to steal sensitive information they can use to their advantage. Here are the top types of data commonly stolen in such environments.

  • Personal Identifiable Information (PII)
    This type of information includes data that identifies individuals, such as their names, addresses, IC Numbers, personal financial information, etc. PII is often stolen by cybercriminals to commit identity theft and financial fraud.
  • Financial Information
    Cybercriminals target businesses and organizations storing financial data, such as credit card and bank account details and financial statements, to commit various crimes, such as stealing money and making fraudulent purchases.
  • Intellectual Property
    Hackers often target valuable intellectual property, such as trade secrets, patents, and copyrights, to gain a competitive advantage or sell to other companies.
  • Healthcare Data
    Healthcare organizations store a significant amount of sensitive patient data, including medical records, insurance information, and other personal health information.

The Consequences of Data Breach
Data breaches can have severe consequences for businesses or organizations. Here are some of the critical impacts of a data breach:

  • Financial loss
    A data breach can result in significant costs for a business or organization, including investigating and repairing the breach, compensating affected individuals or organizations, and potentially facing fines or lawsuits.
  • Damage to reputation
    A data breach can erode trust in a business or organization, leading to a loss of customer loyalty and decreased revenue.
  • Legal consequences
    Data breaches can result in legal consequences, such as fines or lawsuits, mainly if the violation involves sensitive personal or financial information.
  • Regulatory compliance
    Many industries are subject to data privacy and security regulations, and a breach can result in non-compliance and additional penalties.
Preventing data breaches with a Managed Security Services (MSSP) Good technologies require good people. Preventing data breaches requires talented people, mature processes and advanced technology. An experienced MSSP like Bridgenet offers businesses the expertise and resources necessary to ensure your data is secure. Bridgenet’s services includes professional IT Security & Managed Services, including but not limited to Endpoint, Network, Data Center, Security Assets, Security Information And Event Management (SIEM), Managed Detection and Response (MDR) and Proactive Threat Hunting. Bridgenet delivers commitment, professionalism and expertise in all our services. Our team of experts will work with you to assess your current security measures and recommend the best solutions for your business needs. Contact Bridgenet today.