While the listing said that there were around 2.7 million entries in the database, TM’s statement pointed out that the number of customers affected by the leak was much lower. That being said, the figure which stands at 250,248 customers is still significant.
The company noted that all of the customers affected were indeed Unifi Mobile users. The leaked database which has personal data such as full name, phone number, and email also contained a mixture of both individual and SME customers. TM added that all of the affected customers have been notified and specifically said that customers that did not receive such notification were spared from the leak. The telco further said that additional security measures have already been put into place although this was done without any service disruptions. Additional assessments are currently taking place as well while TM has also confirmed that it has reported the matter to several authorities including the National Cyber Coordination & Command Centre (NC4), Privacy & Data Protection Department (JPDP), and the Malaysian Communications & Multimedia Commission (MCMC).
Nevertheless, we reckoned that there are still a couple of details missing from the statement including how the leak happened in the first place. The company also did not specify whether it was caused by internal or external parties. In the same report, we have also highlighted another seller that has also put up millions of data on the same database marketplace which were sourced from Astro, Maybank, and Election Committee (SPR). Astro and Maybank have since said that their data remain secure and have launched internal investigations while there are still no official words from SPR at the time this article is published.