Jump to content

Putrajaya ends contract with firm over one of country's largest data leak


zanderthunder
 Share

Recommended Posts

zanderthunder

38a897a697326fa68ccf45576462acfa.jpg.d684ae2b5f26e3775914cd132df9df2a.jpg

 

Many Malaysians may have noticed an uptick of marketing and scam calls in recent years where the caller even have your personal details such as MyKad number.

 

This came as no surprise when the personal data of most mobile phone users were leaked from the very system contracted by the Malaysian Communications and Multimedia Commission (MCMC) to protect such users in 2017.

 

The government has since ended its contract with the contractor, Nuemera (M) Sdn Bhd, and criminal investigations on the matter were handed over to the Attorney-General's Chambers.

 

This was confirmed in a written reply from the Communications and Multimedia Ministry to Lembah Pantai MP Fahmi Fadzil (above) today.

 

Fahmi had asked how was it possible that Nuemera, which was contracted to manage MCMC's Public Cellular Blocking Service (PCBS), could fail to protect the personal data of 46.2 million mobile phone accounts leading to the leak and what actions have been taken against the company.

 

The PCBS, launched in February 2014, was an initiative by the MCMC to provide a service that allowed stolen phones to be blocked from making calls, texting or accessing the Internet - even if the sim card is changed.

 

For this purpose, the Malaysian Central Equipment Identity Register (MCEIR) was created, which is a database of International Mobile Equipment Identity (IMEI) number, a unique serial that can identify every mobile phone in the country.

 

All major telcos in the country had surrendered the IMEI number as well as other personal data, such as names, mobile phone number, home address and MyKad number for the system.

 

47b3aef23ae6b25ec600cd51893ff90a.jpg.c1f81a403b773b929ead7b123ebbb406.jpg

 

The written reply was scarce on details of how the leak happened but said action has been taken against Nuemera following an investigation by the MCMC, Personal Data Protection Department (JPDP) and police.

 

"Following the investigation, on Jan 26, 2018, MCMC had suspended Nuemera's appointment as it was found that the company breached basic provisions in the contract between MCMC and Nuemera.

 

"On May 21, 2018, MCMC issued a notice to Nuemera informing of MCMC's decision not to renew the PCBS agreement for another five years as provided as an option in the contract agreement," it said.

 

On the criminal investigation front, the ministry said JPDP had investigated the matter under Section 9 of the Personal Data Protection Act 2010.

 

Section 9 states that "A data user shall, when processing personal data, take practical steps to protect the personal data from any loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction...".

 

The ministry said the matter was also investigated under Section 130 of the same act which concerns the unlawful collection of personal data as well as Section 4 of the Computer Crimes 1997 which concerns unauthorised access with intent to commit or facilitate the commission of a further offence.

 

"The investigation papers have been completed and was sent to the Attorney-General's Chambers for action," it said.

 

In November 2017, Malaysiakini reviewed the leaked data and found evidence that it was linked to the PCBS under the MCMC which outsources it to Nuemera. 

 

Source: Putrajaya ends contract with firm over one of country's largest data leak (via Malaysiakini)

Edited by zanderthunder
  • Like 2
Link to comment
Share on other sites

zanderthunder

MCMC suspended contract of company linked to massive telco personal data leak, Parliament told

KUALA LUMPUR: The Malaysian Communications and Multimedia Commission (MCMC) suspended the contract of a company linked to a massive data leak of personal details of telecommunications service providers' customers.

The Communications and Multimedia Ministry, in a parliamentary written reply, said that following investigations, MCMC terminated the appointment of Nuemera (M) Sdn Bhd on Jan 26,2018, as it had breached basic provisions of the contract agreement.

 

"On May 21 last year, MCMC issued a notice to Nuemera based on the Commission's decision not to renew the Public Cellular Blocking Service (PCBS) agreement for another five years as per the option within the contract agreement," said the ministry in reply to a question from Fahmi Fadzil (PH-Lembah Pantai) who asked how it was possible that Nuemera – which was contracted to manage MCMC's PCBS – could fail to protect the personal data of 46.2 million mobile phone accounts leading to the leak and actions that have been taken against the company.

 

The PCBS, launched in February 2014, was an initiative by the MCMC to provide a service that allowed stolen phones to be blocked from making calls, texting or accessing the Internet – even if the subscriber identification module (SIM) card was changed.

 

The Ministry said the Personal Data Protection Department (JPDP) had investigated the matter under Section 9 and Section 130 of the Personal Data Protection Act 2010, which concerns the unlawful collection of personal data, as well as Section 4 of the Computer Crimes Act 1997, which touches on unauthorised access with intent to commit or facilitate the commission of a further offence.

 

"Investigation papers have been completed and submitted to the Attorney General's Chambers (AGC) for further action," said the Ministry.

 

On Oct 19,2017, news portal Lowyat.net reported the breach involving 46 million mobile phone numbers after receiving a tip-off that someone was attempting to sell huge databases of Malaysians' personal details for an undisclosed amount of the digital currency Bitcoin.

 

Source: MCMC suspended contract of company linked to massive telco personal data leak, Parliament told (via The Star Online)

 

Nuemera claims police have cleared it. Who’s responsible for the massive data leak then?

 

191021-malaysia-data-breach-nuemera-mobi

 

Malaysia faced possibly one of its largest telco data leak ever back in 2017. Lowyat.net reported that over 46 million users had their data compromised, and that someone was trying to sell the information for an undisclosed amount of Bitcoin.

 

Today, Nuemera–the company that provides the public cellular blocking service (PCBS)–claims that the police have cleared them of any wrongdoing in a letter that was issued to them through their lawyer Nuemera quotes that the Royal Malaysian Police (RMP) said:

 

Quote

“To date, the result of the investigation revealed that there was no evidence that Nuemera (M) Sdn Bhd, as well as its staff was involved in the leak or sale of data on the Internet”

 

According to Nuemera, the company provided their fullest cooperation to the investigations that was led by the Royal Malaysian Police which commenced in October of 2017. This data breach involved multiple parties including the Malaysian Communications and Multimedia Commission (MCMC), Nuemera and several telecommunications companies.

 

The data breach included information like postpaid and prepaid phone numbers, customer details, addresses, and SIM card information including IMEI and IMSI numbers. In addition, three databases belonging to the Malaysian Medical Council (MMC), the Malaysian Medical Association (MMA) and the Malaysian Dental Association (MDA) were leaked.

 

When MCMC launched the PCBS in February of 2014, the intention was to provide a service that allowed stolen phones to be blocked from making calls, texting or accessing the Internet. Because of the kind of information that was stolen, it seemed logical that the source of the breach would have come from the PCBS. However, Nuemera says that they took the RMP’s letter to them as affirmation that there has been no evidence that the data leaked on the internet originated from them or the PCBS.

 

Additionally, they clarified that despite the “some media” reports indicating that they were terminated by the the MCMC, Nuemera is in full compliance and have fulfilled all obligations as per their contract with the MCMC. However, Nuemera states that as there are “contractual disputes” pertaining to the same, MCMC and Nuemera have mutually agreed to refer the matter to the Asian International Arbitration Centre (AIAC) and are unable to comment further.

 

This comes following a parliamentary written reply that the ministry made in reply to a question by Lembah Pantai MP Fahmi Fadzil about how personal data for the 46.2 million mobile phone accounts could have been leaked. The reply reads:

 

Quote

“On May 21 last year, MCMC issued a notice to Nuemera based on the Commission’s decision not to renew the Public Cellular Blocking Service (PCBS) agreement for another five years as per the option within the contract agreement.”

 

But, with all of this said and done, the question still remains: How did the data leak? What is the next course of action to find the perpetrators of this massive breach?

 

Source: Nuemera claims police have cleared it. Who’s responsible for the massive data leak then? (via SoyaCincau)

Edited by zanderthunder
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...