HUNDREDS of thousands of credit card details from at least six Southeast Asian countries – including Malaysia and Singapore – have been leaked online, according to India-based cybersecurity start-up Technisanct, reports the South China Morning Post.
The company said it had found a series of data breaches involving credit card details issued by top banks in Singapore, Malaysia, the Philippines, Vietnam, Indonesia and Thailand.
“The results are alarming as it seems no one is aware that such a huge volume of payment card details – including the CVV and PIN – are available,” said CEO Nandakishore Harikumar, referring to the card verification value and personal identification number. Anyone with access to those details could cause financial losses to the owner of the cards, he added.
Technisanct said its research found that credit cardholders in the Philippines were the worst hit, with 172,828 cards breached, while Malaysia and Singapore had 37,145 and 25,290 cards breached respectively.
According to Nandakishore, in the past week his team had identified even more cards available for sale from these six countries. Although many systems required a one-time transaction password, there were portals that did not require this, he said.
Nandakishore said he had emailed the Computer Emergency Response Team (CERT) – which handles cybersecurity incidents – in each country and advised them to take action, although not all had responded.
In Malaysia, both Cybersecurity Malaysia and the central bank, which regulates financial institutions, declined to comment.
CIMB Group Holdings – allegedly one of the affected banks – said it had “no credible evidence that any actionable customer data has been compromised from us.”
“CIMB takes data privacy and protection seriously and has taken the necessary security measures to ensure all customers’ personal information remains secured. We continuously monitor all avenues to ensure that our customer data remains protected where possible,” a spokesperson said.
It is understood that the CERTs of both Vietnam and Malaysia are investigating the matter.
Meanwhile, the Monetary Authority of Singapore said it was constantly monitoring cyber threats, including cyberattacks that may result in payment card fraud, as part of its surveillance.
“We note that security vendors have reported a rise in incidents of data theft internationally, including loss of card details from compromised e-commerce websites,” a spokesperson said, adding that it had strict requirements for financial institutions in Singapore to implement information technology controls to protect sensitive information from unauthorised disclosure.
“Card issuers have well-established processes to handle credit cards whose details have been leaked. Card issuers have also put in place real-time fraud monitoring to detect and block suspicious transactions promptly,” the MAS said. – March 6, 2020