PKR communications director Fahmi Fadzil has filed a civil suit against the Malaysian Communications and Multimedia Commission (MCMC) and a data security company over a data leak involving 46.2 million telco subscribers.

Fahmi is seeking answers as to what MCMC and Nuemera Sdn Bhd have done to avoid further breaches, and how the breach had occurred.

“This is why, as a telco user affected by the breach and because it is a matter of public interest, I have decided to take legal action against MCMC and Nuemera, for their failure to secure our private information,” he said at a press conference at the party’s Lembah Pantai office today.

Nuemera had been appointed to manage MCMC’s public cellular blocking service, aimed at reducing street crime and mobile phone theft by disabling a phone’s unique 15-digit International Mobile Station Equipment Identity code.

“We filed the suit yesterday, and we will wait for the case management date, which is probably a month and a half later,” said Fahmi.

He said it was the responsibility of MCMC and Nuemera to explain what had happened in the telco breach.

“Take responsibility, because it seems that they are very proactive when it comes to people who post on Facebook, but this is a mega scandal. We haven’t lost so much data before.”

Representing Fahmi is constitutional lawyer Syahredzan Johan, who said the suit was based on the failure of MCMC and Nuemera to “secure the information of Malaysians in the data breach”.

“In this legal process, of course, the defendants will have to say what they have done and everything, so that we can know what is happening in detail, and what has been done by them to handle this.”

He said there was nothing to stop the public from suing MCMC and Nuemera.

“Fahmi has taken the first step, and there is nothing stopping others from doing the same.

“This suit is about before, during and after the breach happened… how they failed to have in place a proper system to ensure that such breaches do not happen, and why users were not informed about the matter.“

Malaysians first came to know about the massive breach on October 19 last year, reported by lowyat.net.

The breach is said to have happened between 2012 and 2015, affecting Jobstreet.com, Malaysian Medical Association, Malaysian Medical Council, Academy of Medicine Malaysia, Malaysian Dental Association, National Specialist Register of Malaysia and telecommunications companies, including Maxis, Celcom and DiGi.

Police traced the leak to an IP address in Oman, and have said the leak could have occurred during a data transaction and involved the employees of a company.

There has been no update since.

Recently, lowyat raised an alert on another data breach, involving 220,000 Malaysian organ donors registered with government hospitals and transplant centres.

The data was leaked online as early as September 2016, and contained personal information on the donors’ next of kin. – February 7, 2018.