A report by MalaysiaKini published today suggest that personal data stolen from telecommunications companies (Telcos) may have been destined for the public cellular blocking service set up by Malaysian Communication and Multimedia Commission (MCMC), intended to deter mobile phone theft.
The leak was first reported by technology news portal, Lowyat in mid October 2017. Some 46.2 million Malaysian mobile users data from 2014 was on sale for merely 1 Bitcoin (RM32,000). The leak includes postpaid and prepaid numbers, customer details, addresses as well as sim card information – including unique IMEI and IMSI numbers.
Other customer data are from Jobstreet.com, the Malaysian Medical Council, the Malaysian Medical Association, Academy of Medicine Malaysia, the Malaysian Housing Loan Applications, the Malaysian Dental Association and the National Specialist Register of Malaysia was also part of the sale.
[box type=”note” align=”aligncenter” ]In the analysis, Malaysiakini found several file names of the telco data containing either the word PCBS, MCMC or SKMM. File names from at least six telcos had used these references. MCMC and SKMM are abbreviations for the Malaysian Communications and Multimedia Commission, while PCBS is short for the Public Cellular Blocking Service.
The PCBS, launched in February 2014, was an initiative by the MCMC to provide a service that allowed stolen phones to be blocked from making calls, texting or accessing the Internet – even if the sim card is changed.
For this purpose, the Malaysian Central Equipment Identity Register (MCEIR) was created, which is a database of International Mobile Equipment Identity (IMEI) number, a unique serial that can identify every mobile phone in the country.
The leaked telco files, on top of personal information, also contained IMEI and were last modified between May and July 2014.
A telco executive, speaking on condition of anonymity, confirmed to Malaysiakini that the telcos had compiled a database of their users and handed them over for the PCBS. –MalaysiaKini
Launched in January 2014, the Public Cellular Blocking Service (PCBS) is a service initiated by the MCMC that blocks lost or stolen mobile phones from accessing all cellular networks in Malaysia. Once a stolen phone is reported to the mobile service provider, PCBS uses the International Mobile Equipment Identity (IMEI) numbers to block/unblock lost or stolen mobile phone. Owners of the mobile phone could unblock their phone once the device is recover
Despite involving millions of personal data, the Public Cellular Blocking Service (PCBS) is operated by a private firm, Nuemera Sdn Bhd.
On 18 September 2007, the Ministry of Energy, Water and Communications Malaysia directed MCMC to appoint Nuemera as the operator of Public Cellular Blocking Service (PCBS):
When contacted by MalaysiaKini, Bukit Aman’s CCID principal assistant director (cybercrime and multimedia investigations), Ahmad Noordin Ismail, confirmed that police were investigating Nuemera over the data leak. However, he did not disclose the nature of the investigation.
MalaysiaKini said both the MCMC and Nuemera declined to comment on questions regarding the stolen data and the PCBS.
The Communications and Multimedia Minister also declined to comment on this matter according to TheStar. “I don’t want to comment. Ask the MCMC,” Datuk Seri Dr Salleh Said Keruak told reporters in Parliament here on Monday.