MALAYSIA’S internet regulator today ordered an online forum to remove news on a massive data breach involving millions of users, estimated to have taken place between 2012 and 2015.

The Lowyat website said the order from the Malaysian Communications and Multimedia Commission came after it reported that databases of Malaysians’ personal details, obtained from Jobstreet.com, the Malaysian Medical Association and the Malaysian Housing Loan Applications, among others, were being sold for bitcoins since late yesterday on its forums.

It said “the mother lode” was customer data from telecommunications companies, including Celcom, DiGi, Maxis, TuneTalk and Umobile.

“While we did brush off the tip-off as just another scammer looking to make a quick buck at first, we decided to dig a little further and discovered that this could be one of the biggest data breaches ever in Malaysian history,” said the website.

It said more than 50 million records from telco firms were being sold, including data on customers’ names, addresses and mobile phone numbers, and even the MyKad numbers of some Malaysians.

“Based on the data, we estimate that the breach could have happened anywhere from 2012 to 2015.

“Not all the data seems up to date as we believe the source of the data has been merged from multiple sources.”

It added that the data seemed to have been obtained between 2012 and 2013, and included those on non-residents. – October 19, 2017.