Focus View
Personal data is sacred
FocusM team | 03 Nov 2017 00:30
Malaysia has been put on the world map once again for all the wrong reasons. News that the personal data of 46 million mobile phone subscribers was leaked online made international headlines. 

The leak is said to have originated from a massive data breach back in 2014. If true, this is totally unacceptable as it implies either nothing has been done since then and/or all those involved have remained complacent. 

This unacceptable episode raises many questions. The fact that nearly every single mobile subscriber’s data was breached means either all the data was stored in one place or hackers breached the database of mobile telecommunications companies (telcos) individually. 

The Malaysian Communications and Multimedia Commission (MCMC) says it has identified the possible sources of the breach. But can the MCMC or telcos give subscribers an assurance such a breach will never recur? 

We can’t be blamed for fearing that such a breach could occur in other sectors, especially the lucrative banking sector. On the other hand, if the banks’ firewalls and security are much better, have the telcos been complacent by not stepping up their security?

One possible short-term measure is to change the current phone SIM cards. But as long as the source of the data breach has not been neutralised, there is nothing to stop the data from being lost again despite the new SIM cards.  

The authorities must wake up and take appropriate measures now before other industries get hit too. It is just a matter of time. In the past, it was reported that 81,309 records from the Malaysian Medical Council, Malaysian Medical Association and Malaysian Dental Association were leaked.

Telcos and the authorities have been quiet on news of the breach, apart from the usual public relations-centric type of response that the matter is being investigated. 

Those responsible for the monitoring and safety of all these personal data must be severely reprimanded to let the public know that the authorities are taking the matter seriously. It should not be swept under the carpet. 

In the meantime, how will the authorities deal with the serious fallout from this breach? There is every possibility that the leaked personal data will be abused by criminals. What then?