Australia probes data breach, as Malaysia investigates mobile phone leak affecting millions
Malaysia is investigating the theft of mobile phone records for 46.2 million customers, while an online security lapse in Australia exposed personal details of almost 50,000 employees.
The Malaysian government is working with carriers and police to investigate the issue and identify possible sources of the leak, the state news agency Bernama reported on Wednesday, citing Communications and Multimedia Minister Salleh Said Keruak. A spokesman confirmed his comments. The data may last have been updated in 2014, according to local reports.
In Australia, personal records of almost 50,000 workers at several government agencies and companies were left unsecured by a third-party contractor in one of the country’s worst data breaches, according to a report on Thursday by iTnews. Backup databases of employee records including names, passwords, salaries and some credit card numbers were accessible after the misconfiguration of an Amazon.com cloud storage product, it said.
“Companies should assume they will be breached and take steps to limit the impact of these incidents,” said Bryce Boland, chief technology officer for the Asia-Pacific region at FireEye. “The reality is many firms are unknowingly compromised.”
As the scale and frequency of major hacking attacks increases, companies and governments have come under intense pressure to shore up their cybersecurity.
Only about 2 per cent of corporate data is encrypted today, International Business Machines said in July.
Malaysia, with a population of 32 million, has a mobile penetration rate of 134 per cent as of March this year, according to government statistics. Almost 80 per cent of the 42.8 million subscriptions as of the first quarter are prepaid accounts.
The largest mobile phone companies in Malaysia include Maxis, Celcom Axiata and Digi.com. The companies as well as the Malaysian Communications and Multimedia Commission did not immediately reply to requests for comments or could not immediately be reached by Bloomberg News. Maxis, Celcom and Digi told The Star newspaper that they are supporting the investigation.
“If the data is as widely available as suspected, it’s likely to be abused by criminals for a wide variety of purposes, such as identity fraud and scams,” Boland said of the Malaysian theft. “It’s probably not the biggest breach to date in Malaysia, though it may be the biggest reported. Most breaches are never discovered, and many that are discovered are not reported.”
Australia has experienced several high profile hacks or data breaches in the past couple of years. Almost 30 gigabytes of commercially sensitive information related to Australian naval vessels and warplanes was reportedly stolen from a local defence contractor in 2016. The nation’s weather bureau was reportedly hacked in 2015.
The Australian government said it was aware of the breach involving a third-party contractor and that the exposed data was historical and partially anonymised.
“The Australian Cyber Security Centre was alerted to the breach in the first week of October and immediately contacted the external contractor to secure the information and remove the vulnerability,” the Department of the Prime Minister and Cabinet said in statement on Thursday.