UPDATE (18 July 1:00PM): U Mobile has released another statement in regards to the breach with some preliminary investigation findings.
UPDATE (12:00PM): U Mobile has provided a short statement regarding the matter, which has been added at the end of the article.
ORIGINAL STORY (11:46AM):
Recently, Bloomberg reported that local telco U Mobile may be getting bought out by fellow telco Maxis. So it’s probably not so good a time to also learn that a hacker has claimed to have breached the security system of the former, making away with personal data of about four million customers.
You’ve probably guessed that the claim first appeared on hacker haven BreachForums. The hacker in question claims that the data set contains personally identifiable information such as names, MyKad and phone numbers, as well as addresses of U Mobile customers. All of that is being sold for US$5,000 (~RM23,365) in Bitcoin.
According to The Star, the Malaysian National Cyber Security Agency (NASCA) says that it is currently investigating the claims, and has also requested for details from U Mobile. At the time of writing, the telco has not yet commented on the claim.
BreachForums itself has come in multiple iterations, and have had the site seized by the FBI before, but it looks like that’s not stopping hackers from doing what they do. This also marks another security breach involving a Malaysians agency in recent times, with prior episodes involving the local Social Security Organisation and Immigration Department. We’ve reached out to U Mobile for comment, and will let you know when we hear back and the telco has stated that it is aware of such claims and is actively investigating the situation. Here’s the statement in full:
U Mobile is aware of the claims of recent alleged data breach. We are actively investigating this situation. We are working closely with the authorities to address this matter effectively and will provide relevant updates once confirmed information becomes available. We wish to assure all stakeholders that we take matters of cybersecurity and data privacy seriously and are dedicating all resources to thoroughly investigate the situation.
Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news.
