Focus View
Data leak: The unanswered questions
FocusM team | 01 Dec 2017 00:30
The latest on the personal data leak saga is that a staff of a company contracted by the Malaysian Communications and Multimedia Commission (MCMC) is under investigation. The leak affects 46.2 million mobile phone subscribers in the country.

The manner in which this whole episode is evolving raises questions. Foremost, can we have the assurance that such a leak will not recur? Leaks from the telecommunications industry are bad enough. Imagine if such data breaches happen in the banking sector, too.

The MCMC says it can’t comment on the data breach as it is part of on-going investigations by the police. The Minister concerned also declined to comment and suggested that those interested check with the MCMC. 

Passing the buck remains the order of the day. But while investigations are on-going, surely the MCMC or other authorities can tell us the steps that will be, or are being taken to ensure such a breach does not happen again? 

If the data was obtained via hacking, are the firewalls being strengthened? If the data breach was an inside job by unscrupulous staff out to make money from the sale of the data, how can we stop a recurrence? 

Being the telecommunications industry regulator, surely the standard operating procedure (SOP) of handling such sensitive data by the MCMC must be reviewed? The MCMC, or any regulatory authority for that matter, must realise that they should be “preventing fires” rather than “fighting fires”. 

When news of the leak first broke, those concerned reportedly informed the MCMC of the breach and subsequently uploaded an article on the theft. The public is dumbfounded that the MCMC ordered the article to be taken down. 

It was reported recently that the source of the leak has been traced to the Public Cellular Blocking Service (PCBS). It is a system initiated by the MCMC to provide a service to deactivate mobile phones reported stolen and the MCMC appointed a private company to manage it. 

Managing and protecting sensitive data is the MCMC’s responsibility. According to an MCMC circular in April 2013, telcos were asked to pay an annual fee of RM1.50 per active user to facilitate the operations of the PCBS. The fee was lowered to 50 sen per active user in April. 

After collecting the fees, the least the MCMC can do is to ensure the data entrusted to it is safe.