Minister: ‘Misunderstanding’ between MCMC and Lowyat.net about article on personal data breach

Salleh said that the police and ministry are in the midst of investigating third parties who supplied such information on Lowyat.net. ― Picture by Saw Siow Feng
Salleh said that the police and ministry are in the midst of investigating third parties who supplied such information on Lowyat.net. ― Picture by Saw Siow Feng

KUALA LUMPUR, Oct 26 — There was a “misunderstanding” between the Malaysian Communications and Multimedia Commission (MCMC) and Lowyat.net when the agency instructed the online forum to take down an article alleging a massive breach of Malaysians’ personal data, a minister said today.

“Tuan Yang Di-Pertua, admittedly there was a small miscommunication between MCMC and Lowyat on this matter, whereby it has already been settled amicably.

“Among the issues viewed was that in that article, personal data information were also mentioned, and this to MCMC’s view, also cannot be done. However, it has already been settled, but that was more of a miscommunication between MCMC and Lowyat,” Communications and Multimedia Minister Datuk Seri Salleh Said Keruak said during the special Minister’s Question Time in Parliament.

Salleh said that the police and ministry are also in the midst of investigating third parties who supplied such information on Lowyat.net.

He was responding to an additional question from Kulai MP Teo Nie Ching, who had asked why the government decided to “shoot the messenger” by instructing the online forum to take down the article, when Lowyat.net was merely reporting about a breach of the Personal Data Protection Act (PDPA) 2010.

News about the alleged leak was made public in a report titled “Personal data of millions of Malaysians up for sale, sources of breach still unknown”, published on the popular internet forum on October 19.

The report claimed that the personal data of millions of Malaysians from the databases of an online recruitment portal and medical associations, as well as over 50 million records of customer data from various telcos, were up for sale online. The information taken from telcos reportedly included customer names, billing addresses, mobile numbers, and identity card (IC) numbers.

The article was removed under MCMC’s instruction on October 19 soon after it was published. The regulator later explained in a statement that the order to take down the report as a “preventive measure”.

Lowyat.net then restored the original article on October 20 with MCMC’s approval.

Rights group Lawyers for Liberty and PKR have issued statements demanding MCMC to explain if the report had any basis at all, especially when it involved personal data of millions allegedly stolen between 2012 and 2015.

Related Articles