Recently, a hacker posted a database containing U Mobile customers for sale on one of the world’s largest hacking forum, BreachForums.
The alleged U Mobile database contains personally identifiable information (PII) such as names, addresses, MyKad numbers, mobile phone numbers of 4 million users and the hacker is asking for USD5,000 (~RM23,380), according to The Star.
The National Cyber Security Agency (NACSA), the government agency overseeing cybersecurity incidents in Malaysia, said they are investigating the alleged data breach, and has also requested further details from U Mobile.
After this news was reported, U Mobile issued a press statement:
U Mobile confirms that the sample which was posted on BreachForums on 16 July 2024 is old data from 2014.
The sample also corresponds to breached data from the incident reported in 2017 that involved leakages of personal information of over 46 million users across various Malaysian organisations, dating back to 2014.
Once again, U Mobile confirms no evidence of unauthorised access into our database was found.
We are confident that our data is secure, and we would like to assure our customers that we put the utmost importance on cybersecurity and extensive measures are taken to safeguard our customers’ data.
U Mobile said the data posted on BreachForums was old, but it includes “46 million users across various Malaysian organisations”.
Though U Mobile might be safe for now, the implications of this statement are that Malaysians and local companies are very vulnerable to potential scams and cyberattacks.
