Data breaches are one of the most significant threats facing businesses today, particularly in Malaysia, where the number of data breach cases continues to rise. From large corporations to small and medium-sized enterprises, businesses of all sizes must take steps to protect sensitive information from being stolen or misused.
Data Breach Cases In Malaysia In 2022 & 2021
Multiple Malaysian companies experienced data breaches in 2022, putting personal information at risk. Here are a few examples:
An airline suffered a ransomware attack by a group called Daixin, putting the personal information such as names, email addresses, and phone numbers of 5 million passengers at risk. The company detected unauthorized access to its servers on November 12th and is working with the Communications Ministry to track the perpetrators. Daixin admitted to the attack and stated their dissatisfaction with the airline and their lack of standards.
A government agency experienced a data breach resulting in the exposure of registered voters’ MyKad numbers, names, emails, passwords, and addresses, as well as their pictures and identity card numbers. The stolen information is being sold for $2,000 in cryptocurrency.
Millions of personal data belonging to a government agency were found for sale online for a mere US$10,000 (RM44,095). The data was claimed to contain the details of all individuals born in Malaysia from 1940 to 2004. The 160GB database includes full names, ID card numbers, addresses, dates of birth, genders, races, religions, mobile numbers, and Base54-based photos. Even the details of a minister were posted as proof of authenticity.
Personal information of three million vaccine recipients was stolen by an unauthorized account for vaccine administration under the MyVAS system. This data breach affected millions of users, making it one of the biggest data breaches in Malaysia in 2021.
A telecommunications company faced a data breach in Dec 2022, affecting the contact information of 250,248 customers. The breach involved customer names, phone numbers, and emails, and the affected customers were notified.
A data breach on an e-commerce platform affected 2.6 million users from Malaysia and Singapore. The hackers stole account information, including names, emails, and phone numbers, and sold it for $1,000. A bug caused the breach in a third-party’s system migration. The platform has advised affected users to be cautious of phishing attempts and not to share their passwords.
A widely used e-payslip system experienced a data breach where a group of hackers, claiming to be a ‘grey hat’ cyber security organization, accessed over a million rows of identities in the system’s database. The breached data includes government employee’s MyKad number, rank, department, payslip numbers, email address, and mobile phone number. The group also extracted almost two million payslips and tax forms in PDF format with a total file size of 188.75GB.
A Malaysian payment gateway company suffered a cybersecurity incident that resulted in customers’ card data being compromised. The company promptly initiated an investigation and brought in relevant experts to contain the issue after discovering it on May 21. As a result, a prepaid card provider then offered free replacement cards to those affected by the breach.
Top Common Type Of Data Stolen
Cybercriminals are constantly seeking out vulnerabilities in computer systems, networks, and software applications to steal sensitive information they can use to their advantage. Here are the top types of data commonly stolen in such environments.
The Consequences of Data Breach
Data breaches can have severe consequences for businesses or organizations. Here are some of the critical impacts of a data breach: