Report: Personal data breach victims had unknown numbers linked to MyKad

Users who visited a verification website called sayakenahack.com had found their new mobile phone numbers which they had never signed up for registered under their identity card numbers. —  AFP pic
Users who visited a verification website called sayakenahack.com had found their new mobile phone numbers which they had never signed up for registered under their identity card numbers. — AFP pic

KUALA LUMPUR, Nov 16 — Mobile phone users whose personal information was leaked during a major data breach recently have also discovered that their MyKad numbers are linked to unknown mobile phones.

Users who visited a verification website called sayakenahack.com had found their new mobile phone numbers which they had never signed up for registered under their identity card numbers, The Star reported today.

The verification website was created by tech blogger Keith Rozario last Sunday to assist the public in finding out if their personal data was among the information leaked in 2014 involving the personal details of 46.2 million mobile subscribers in Malaysia.

According to the news report, more than 50,000 Malaysians have checked to see if they were part of the leak.

The data leak was first reported last month by tech news portal lowyat.net after an individual attempted to sell the information for an undisclosed amount of online currency Bitcoin.

A company secretary who requested anonymity reportedly said she was shocked to find out that a prepaid number was registered under her name although she never used the services of that particular telecommunications provider.

“I have always been using another telco and my only number is a supplementary line to my husband’s for almost 15 years now. I’m guessing my personal information was stolen to register that prepaid number,” The Star quoted her saying.

Another victim, a 36-year-old engineer named Tan found that he had an extra mobile phone number registered under his name and questioned how another person was able to sign up for the service without his knowledge.

The same news report cited technology strategist Dinesh Nair saying the victims’ MyKad number was likely used to register for prepaid services which can be purchased at convenience stores.

Malaysian Communications and Multimedia Commission (MCMC) network security and enforcement sector chief officer Zulkarnain Mohd Yassin said such cases were likely impersonation during the registration process.

He advised the victims to check with their service providers on accounts under their names and MyKad number and also to lodge a report with MCMC.

Bukit Aman Commercial Crime Investigation Department director Comm Datuk Amar Singh said police are still investigating the data breach.

Rozario, the man behind sayakenahack.com said he was worried of the long-lasting consequences of the data breach that led him to develop the verification site.

His concern was that the victims whose MyKad numbers and addresses were leaked could be “exposed” for life.

Rozario also said he designed the website to reveal only the necessary information while keeping pertinent details hidden.

“The phone numbers are masked. Only the first three numbers and the last two digits are shown so you can verify if it is correct. But for someone randomly typing in MyKad numbers into the system, there are about five numbers still masked, so it is unlikely they will get it,” he reportedly said. 

Related Articles