Minister: No comment on news report on source of massive data breach
Datuk Seri Dr Salleh Said Keruak. -Bernama filepic
KUALA LUMPUR: The Communications and Multimedia Minister declined to comment on a news report that the massive data breach of Malaysian mobile subscriptions could be traced to a company appointed by the Malaysian Communications and Multimedia Commission (MCMC).
“I don’t want to comment. Ask the MCMC,” Datuk Seri Dr Salleh Said Keruak told reporters in Parliament here on Monday.
Earlier Monday, an MCMC spokesperson said the ministry would address the issue in Parliament.
This follows a special report by news portal MalaysiaKini that after analysing the data from the breach, it traced the source to a company named Nuemera Sdn Bhd.
All mobile service operators were told to install an Equipment Identity Register (EIR) so that the 15-digit International Mobile Station Equipment Identity (IMEI) code, a number unique to every phone, can be blacklisted if the device is reported stolen.
Each EIR was supposed to be linked to a Malaysian Central Equipment Identity Register (MCEIR), to which the IMEI codes of stolen phones would be forwarded, a telecommunications industry source told The Star at the time.
The source said all blacklisted IMEI codes would then be stored in the EIRs to render the phones unusable on any network and to block any attempt to reactivate the devices with new SIM cards.
Once blocked, the phone cannot ever be reactivated.
It is believed that Nuemera was the source of the data breach involving more than 46 million mobile phone numbers, MalaysiaKini reported on Monday.
The data breach itself is believed to have occurred in 2014, but news only broke in October this year when an unknown person tried to sell the stolen data on the forums of technology news portal LowYat.net.
The data also includes private information of more than 80,000 individuals leaked from the records of the Malaysian Medical Council, the Malaysian Medical Association, and the Malaysian Dental Association, as well as users of recruitment portal JobStreet.
The MCMC and police are both investigating the breach, and earlier this month, Salleh Said said the probe was almost complete.
Inspector-General of Police Tan Sri Mohamad Fuzi Harun said police had identified the potential source of the breach.
“There is a possibility that this (the breach) occurred after several employees from a company tasked with transferring the data took advantage of the situation,” he told reporters on Nov 17.
While not disclosing much on the company, Mohamad Fuzi said the company itself was not involved in the breach.
“I can’t reveal everything at the moment, but we have leads as to how it happened. I believe we have identified those involved.
“Our investigations are still ongoing,” he said then.
Read more at https://www.thestar.com.my/news/nation/2017/11/27/minister-no-comment-on-news-report-on-source-of-massive-data-breach/#FdxVHIPr7cPKGbHy.99
