Malaysia, Australia probe data breaches as millions exposed
By SHAMIM ADAM, MATTHEW BURGESS AND YOOLIM LEE | Bloomberg | Published: November 2, 2017
Malaysia is investigating the theft of mobile-phone records for 46.2 million customers, while an online security lapse in Australia exposed personal details of almost 50,000 employees.
The Malaysian government is working with carriers and police to investigate the issue and identify possible sources of the leak, the state news agency Bernama reported Wednesday, citing Communications and Multimedia Minister Salleh Said Keruak. A spokesman confirmed his comments. The data may last have been updated in 2014, according to local reports.
In Australia, personal records of almost 50,000 workers at several government agencies and companies were left unsecured by a third-party contractor in one of the country's worst data breaches, according to a report Thursday by iTnews. Backup databases of employee records including names, passwords, salaries and some credit card numbers were accessible after the misconfiguration of an Amazon cloud storage product, it said.
"Companies should assume they will be breached and take steps to limit the impact of these incidents," said Bryce Boland, chief technology officer for the Asia-Pacific region at FireEye Inc. "The reality is many firms are unknowingly compromised."
As the scale and frequency of major hacking attacks increase, companies and governments have come under intense pressure to shore up their cybersecurity. Only about 2 percent of corporate data is encrypted today, International Business Machines said in July.
North Korean hackers are particularly active amid rising tensions over the country's nuclear ambitions. They have been linked to last year's heist from Bangladesh's central bank as well as cryptocurrency exchange attacks and the WannaCry ransomware that infected about 300,000 computers in 150 countries.
Malaysia, with a population of 32 million, has a mobile penetration rate of 134 percent as of March this year, according to government statistics. Almost 80 percent of the 42.8 million subscriptions as of the first quarter are pre-paid accounts.
The largest mobile phone companies in Malaysia include Maxis Bhd., Celcom Axiata Bhd. and Digi.com Bhd. The companies as well as the Malaysian Communications and Multimedia Commission didn't immediately reply to requests for comments or couldn't immediately be reached by Bloomberg News. Maxis, Celcom and Digi told the Star newspaper that they are supporting the investigation.
"If the data is as widely available as suspected, it's likely to be abused by criminals for a wide variety of purposes, such as identity fraud and scams," Boland said of the Malaysian theft. "It's probably not the biggest breach to date in Malaysia, though it may be the biggest reported. Most breaches are never discovered, and many that are discovered are not reported."
Australia has experienced several high-profile hacks or data breaches in the past couple of years. Almost 30 gigabytes of commercially sensitive information related to Australian naval vessels and warplanes was reportedly stolen from a local defense contractor in 2016. The nation's weather bureau was reportedly hacked in 2015.
The Australian government said it was aware of the breach involving a third-party contractor and that the exposed data was historical and partially anonymized.
"The Australian Cyber Security Centre was alerted to the breach in the first week of October and immediately contacted the external contractor to secure the information and remove the vulnerability," the Department of the Prime Minister and Cabinet said in a statement on Thursday.