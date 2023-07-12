In an announcement today, Telekom Malaysia, the largest Internet service provider (ISP) in the country disclosed a significant data breach involving the personal information of its Unifi customers. This unfortunate incident marks the second breach to hit the company’s systems in less than seven months.

The data breach contained “historical Unifi customers’ personal information” that includes name, national identification/passport number, and contact details,”.

However, the company assures its customers that no financial information was compromised in the breach.

The ISP said it reported the matter to the relevant authorities (National Cyber Coordination & Command Centre (NC4); Department of Privacy & Data Protection (JPDP); & the Malaysian Communications & Multimedia Commission (MCMC)).

One former Unifi customer, who terminated his broadband subscription back in 2016, received an email providing insight into the severity of the breach. This communication serves as a testament to the far-reaching consequences of the incident, as it underscores the exposure of personal data even long after the termination of services. Below is a copy of the email that was received today:

Dear Valued Customer, We have been made aware of a data breach incident recently, involving certain information of select Unifi customers. We confirm that the breach has been contained and the steps to minimise the potential impact to our affected customers have been taken. We have also notified relevant authorities for further actions. Protecting our customers is our highest priority. As soon as we became aware of the breach, additional security measures were made to isolate the risk as we launched immediate investigation into this matter. We regret to inform that some of your personal details may have been compromised. Details include name, MyKad/passport number and contact details. No other information was breached. We continue to conduct additional assessments to institute further security measures. To safeguard yourself, we recommend you to: – be cautious for any unsolicited communications (such as phone calls, SMS, WhatsApp and emails)

– avoid clicking on links or downloading attachments from suspicious emails, or WhatsApp

– avoid sharing any personal information with unauthorised parties We apologise for the inconvenience and remain committed to serve you better.

This latest breach follows a previous cyberattack that occurred on 28 December 2022, affecting 250,248 Unifi Mobile customer. In that instance, customer names, phone numbers, and email addresses were stolen, further highlighting the vulnerability of Telekom Malaysia’s systems.

Despite these back-to-back incidents, Telekom Malaysia assures its customers that all Unifi services remain “fully operational with no impact to its users,” echoing a similar promise made seven months ago in the wake of the previous breach.

Unfortunately, Telekom Malaysia has remained silent regarding the specific steps taken to protect its system and mitigate the repercussions of the recent data breach. Customers, who are rightfully concerned about their personal information and its potential misuse, have been left in the dark without any guidance or helpful resources from the company.

The “business-to-business arm” of Telekom Malaysia Berhad (TM), TMOne, claims to offer “world-class security that combats the increasing flood of cyber threats cost-effectively,” as stated on its official website. However, these recent breaches raise questions about the efficacy of these security measures and the need for more robust safeguards to protect customer data in the future.

As of the time of writing, both the Malaysian Communications and Multimedia Commission (MCMC), the regulatory body responsible for overseeing the country’s communications industry, and the Minister of Communications and Digital have yet to make a statement regarding the recent data breach at Telekom Malaysia.