UPDATE (22 July 12:50PM): Following its initial investigation U Mobile has confirmed its initial findings. Which is to say that the data set that the hackers have posted recently were from 2014, which got mainstream reporting in 2017.
ORIGINAL STORY (18 July 1:00PM):
Hackers recently posted for sale what is claimed to be a dataset containing personally identifiable information of about four million U Mobile customers. The telco had issued a statement saying that it was actively investigating the incident, and more recently, has found that the data breach was not a new one.
In a new statement, U Mobile says that it “acknowledges the recent allegations of a data breach”, but claims that its “preliminary investigations indicate that there was no breach to our current systems”. Instead, the telco claims that “the data in question is suspected to be from the 2014 Malaysian data breach, which was previously reported to the authorities in 2017″.
For context, at the time, said breach leaked about 46.2 million phone numbers from Malaysian telcos and mobile virtual network operators (MVNO). Also leaked at the time were databases from the Malaysian Medican Council, the Malaysian Medical Association and Malaysian Dental Association, also containing personally identifiable info.
U Mobile also says that “We are continuing to work with the relevant authorities to address this matter and will provide updates once information is secured”. The company reiterates its taking matters of and data security seriously, as it did in the initial statement.
