Telekom Malaysia (TM) announced today that it “has been made aware” of a data breach involving Unifi Mobile customers.
The incident took place on 28 December 2022, affecting 250,248 Unifi Mobile customer, according to TM. Data that was stolen include customer names, phone numbers and emails.
It is believed that there are around 1 million unifi Mobile customers.
Telekom Malaysia (TM) is the leading broadband service provider in the country. The Telecommunications provider offers “world-class security that combats the increasing flood of cyber threats cost-effectively” via its enterprise and public sector business solutions arm, TM One.
The breach may have violated the Personal Data Protection Act 2010 (“PDPA”), an Act that regulates the processing of personal data in regards to commercial transactions. The penalty for non-compliance is around RM300k and/or between 1 to 3 years imprisonment.
According to TM, it has “taken steps to minimise the potential impact to these 250,248 customers” but did not provide further information on how it managed to secure personal information of these customers or any details on compensation.
Full statement from Telekom Malaysia below:
Telekom Malaysia (“TM” or “the Group”) has been made aware of a data breach (specific to contact information only) on 28 December involving a limited amount of Unifi Mobile customers’ information.
After investigations, TM has found 250,248 Unifi Mobile customers to be affected in this data breach, constituting both individual customers as well as SMEs. The type of data that was breached involved customer names, phone numbers and emails. No other information was breached.
TM confirms that the breach has been contained and have taken steps to minimise the potential impact to these 250,248 customers. The specific customers affected have been notified. Customers who have not received any notification are not impacted. TM has also reported this matter to the relevant authorities (National Cyber Coordination & Command Centre (NC4); Department of Privacy & Data Protection (JPDP); and the Malaysian Communications & Multimedia Commission (MCMC)).
While additional security measures have been put in place to isolate the risk and protect our customers, we wish to inform that our customers did not experience any service disruptions in this incident.
TM is closely monitoring the situation and is conducting additional assessments. We advise customers to take extra precautions when receiving communications from unknown parties, as well as to secure their online information at all times.
The privacy and security of TM’s customers remain our highest priority and we take such matters seriously. We will continue to strengthen and ensure our data security framework, policies, systems and processes are continuously benchmarked against Bank Negara Malaysia’s Risk Management in Technology (RMiT) standard and ISO27001, as well as other global standards to prevent such occurrences.