Following media reports of personal data of Astro customers currently on sale online, the pay-TV operator confirmed the incident. Astro said that the leaked personal data are from the customers of Astro-Maxis IPTV subscribers.
Earlier today, technology news portal Lowyat reported that it discovered some 60,000 accounts of Astro customers are currently on sale online. The leaked data was 1st discovered in January 2018, however Astro is only revealing it today.
Lowyat reported, “The database was specific to Astro IPTV customers, and the seller claimed that they have up to 50,000 customer details, which included the Customers Name, Installation Address, MyKAD number, Mobile Phone Number, Equipment and Portal ID numbers, as well as subscribed package information.”
Astro said in media statement a few hours ago that it first become aware of the incident on 26 January 2018 and has since lodged two police report in February 2018 and today. It said that apart from these Maxis-Astro IPTV customers, no other Astro subscribers were affected.
Attempts to reach Maxis for a comment failed at the time of publishing this article.
Astro also offers its IPTV packages with Time dotCom, however no breach has been reported so far.
Below is the full statement from Astro:
[box type=”info” align=”aligncenter” ]Astro would like to clarify media reports concerning the unauthorised disclosure of Astro IPTV customer data. Firstly, this relates to IPTV customers provisioned by Maxis only. The management of IPTV customers is a joint responsibility between Astro and its telco partner, Maxis Broadband Sdn Bhd (Maxis). No other Astro customers are affected.
Astro was made aware of this incident on 26 January 2018. On the same date we sought assistance from MCMC and had the search engine provider remove the link. All trace of customer data online was immediately removed. Subsequently, Astro lodged a police report on 8 February 2018.
Protecting our customer data is of utmost importance to us and we have complied with all data protection protocols and obligations. In any case we have revalidated all our security measures and confirm they are intact.
It has now come to our knowledge that this data has resurfaced and Maxis was promptly requested to extend its assistance with the investigation. Astro lodged a second police report today, informed MCMC and will also lodge a report to the Department of Personal Data Protection.
We are working closely with the authorities to address the issue. We confirm no customer financial data was disclosed. We are also working with Maxis to carry out additional forensic investigations.
We will provide an update once we receive more information from the authorities. Meanwhile, we will remain vigilant in our data protection efforts in protecting our customers’ data.[/box]
[Update, 7 June] A Maxis spokesperson said that the Telco made a police report yesterday. As for Astro, its Group CEO has resigned today.