Malasyan National Cyber Security Agency investigates claimed data breach of U Mobile

On July 16, 2024, the Malasyan National Cyber Security Agency (Nacsa) began investigating an alleged data breach involving U Mobile, which reportedly exposed the personal information of four million subscribers.

The compromised data, includes personally identifiable information (PII):

• names,
• addresses,
• MyKad numbers,
• mobile phone numbers,

The claimed data set was allegedly put up for sale on a breach forum for US$5,000 (RM23,380) in Bitcoin. However, the posted sample appeared incomplete, with some entries lacking MyKad numbers and addresses.

U Mobile issued a statement acknowledging awareness of the alleged breach. The operator states: “We are actively investigating this situation. We are working closely with the authorities to address this matter effectively and will provide relevant updates once confirmed information becomes available. We wish to assure all stakeholders that we take matters of cybersecurity and data privacy seriously and are dedicating all resources to thoroughly investigate the situation.”

No other details are disclosed, about the validity of the claims and the nature of the breach (if confirmed).