KUALA LUMPUR – The Communications and Multimedia Minister declined to comment on a news report that the massive data breach of Malaysian mobile subscriptions could be traced to a company appointed by the Malaysian Communications and Multimedia Commission (MCMC).

“I don’t want to comment. Ask the MCMC,” Datuk Seri Dr Salleh Said Keruak told reporters in Parliament here on Monday.

Earlier Monday, an MCMC spokesperson said the ministry would address the issue in Parliament.

This follows a special report by news portal Malaysiakini, which said that after analysing the data from the breach, it traced the source to a company named Nuemera Sdn Bhd.

Each EIR was supposed to be linked to a Malaysian Central Equipment Identity Register (MCEIR), to which the IMEI codes of stolen phones would be forwarded, a telecommunications industry source told The Star at the time.

The source said all blacklisted IMEI codes would then be stored in the EIRs to render the phones unusable on any network and to block any attempt to reactivate the devices with new SIM cards.

Once blocked, the phone cannot ever be reactivated.

Bukit Aman’s Commercial Crimes Investigation Department principal assistant director (cybercrime and multimedia investigations) Senior Assistant Commissioner Ahmad Noordin Ismail told Malaysiakini that police were investigating Nuemera over the data leak.

However, he did not disclose the nature of the investigation to the portal.

MCMC chief operating officer Mazlan Ismail told Malaysiakini that he could not answer if the leak and the PCBS were connected.

The data breach itself is believed to have occurred in 2014, but news only broke in October this year when an unknown person tried to sell the stolen data on the forums of technology news portal

The data also includes private information of more than 80,000 individuals leaked from the records of the Malaysian Medical Council, the Malaysian Medical Association, and the Malaysian Dental Association, as well as users of recruitment portal JobStreet.

The MCMC and police are both investigating the breach, and earlier this month, Salleh Said said the probe was almost complete.

Inspector-General of Police Tan Sri Mohamad Fuzi Harun said police had identified the potential source of the breach.

“There is a possibility that this (the breach) occurred after several employees from a company tasked with transferring the data took advantage of the situation,” he told reporters on Nov 17.

While not disclosing much on the company, Mohamad Fuzi said the company itself was not involved in the breach.

“I can’t reveal everything at the moment, but we have leads as to how it happened. I believe we have identified those involved.

“Our investigations are still ongoing,” he said then.