KUALA LUMPUR, Oct 14 — The Malaysian Communications and Multimedia Commission (MCMC) has terminated the services of a firm hired back in 2017 to protect the personal data of mobile phone users.
Thus comes after the personal data of the users, including details such as MyKad numbers were reportedly leaked by the same company.
Online portal Malaysiakini reported that the government has terminated its contract with Nuemera (M) Sdn Bhd and currently the Attorney General’s (AG) Chambers is conducting a criminal investigation on the matter.
It was reported that the Communications and Multimedia Ministry had confirmed the termination and investigation in a written reply to Lembah Pantai MP (PKR) Fahmi Fadzil in Parliament today.
The lawmaker had questioned how Nuemera had failed to protect the personal data of 46.2 million mobile phone accounts when it was contracted to manage MCMC’s Public Cellular Blocking Service (PCBS).
He also wanted to know what actions had been taken against Nuemera.
Launched in February 2014, PCBS was MCMC’s initiative to provide a service that allows victims to block stolen phones from making calls, texting and accessing the internet even if the sim card has been changed.
To ensure its success, the Malaysian Central Equipment Identity Register (MCEIR) was created. It is a database of International Mobile Equipment Identity (IMEI) number which is a unique serial that can identify each mobile phone in the country.
For the system to work, all major telcos in Malaysia had surrendered the IMEI number and other customer personal data including the phone numbers, home address as well as MyKad number to Nuemera.
The ministry did not elaborate on the details of the leak but said that action has been taken against Nuemera after an investigation by MCMC’s Personal Data Protection Department and the police.
“Following the investigation, on January 26, 2018, MCMC had suspended Nuemera’s appointment as it was found that the company breached basic provisions in the contract between MCMC and Nuemera.
“On May 21, 2018, MCMC issued a notice to Nuemera informing of MCMC’s decision not to renew the PCBS agreement for another five years as provided as an option in the contract agreement,” it reportedly said.
The Department had investigated the alleged crime under Section 9 of the Personal Data Protection Act which states: “A data user shall, when processing personal data, take practical steps to protect the personal data from any loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction...”.
It is also being investigated under Section 130 of the ct regarding the unlawful collection of personal data and Section 4 of the Computer Crimes Act.
“The investigation papers have been completed and was sent to the Attorney-General’s Chambers for action,” it reportedly said.