By Mariam Mokhtar

Many Malaysians appear to be very relaxed about their personal data being sold to the general public, and it is equally perplexing that news about data breaches rarely trouble them.

On 20 September, the website MYS PPL, which claims that it is able to locate a person’s long lost friend, was reportedly being investigated for selling personal data.

When someone’s full name is inserted into the website, the individual’s personal profile such as name, age and the state in which he probably resides, will be displayed.

Sensitive information such as identity card numbers and mobile phone contacts may be locked, but the website goes on to suggest that for a fee, the person’s e-mail, mobile phone numbers, addresses and company information could be acquired.

Although the price is not on display, all one has to do is to contact the website to purchase the information.

In many other countries, especially in the West, data breaches like this would have caused a public outcry. So, why are many Malaysians largely unconcerned?

Are Malaysians not worried that the website is able to obtain their personal information? Are they not alarmed that members of the general public have access to their e-mail addresses, mobile phone numbers, and addresses?

When sensitive personal information is illegally acquired through dodgy means, are Malaysians not anxious that information about themselves is being sold to fraudsters and conmen?

It is also a very serious matter if the information has been obtained from a medical facility, and the person’s physical, mental, and sexual health details are subsequently shared around.

A few years ago, personal information had been stolen from many Malaysian public sector and commercial websites, and the information was to be sold for an undisclosed amount of Bitcoin. What happened to the investigation and what was its outcome?

As is the case, many Malaysians were probably unaware of this data breach or its implications.

Why won’t Malaysians show more concern about their personal information being used without their consent?

What would they do if they were to receive a letter urging them to service their house loan or else they would face the threat of their house being seized? Would the people affected realize that their personal information had been illegally used to obtain a house loan in their name?

What if their names had been registered at a different polling station or a polling station in a different state to the one in which they live? This would wreck their chances of voting at the general election because they would have been misinformed.

Would they not be alarmed if their bank accounts had been emptied because “new” credit cards bearing their names had been used by fraudsters to go on a spending spree?

When will Malaysians wake up to the fact that stolen personal data could be used by criminals to commit identity theft?

Perhaps, those who suspect and know that their security details have been stolen should sue the Malaysian Communications and Multimedia Commission (MCMC) for the abrogation of its responsibilities.

More importantly, when both the police and the MCMC are warned about data breaches, they rarely provide regular updates about the investigations. Why?

In 2017, Lowyat.net alerted the MCMC about the theft of personal and sensitive information. The MCMC was allegedly slow to respond to Lowyat’s claim.

Shocked by the MCMC’s lack of response, Lowyat wrote an article about the data breach, and later published it on their website to alert Malaysians. The article was called, “Personal data of millions of Malaysians up for sale, sources of breach still unknown”.

Between 2012 and 2013, another data breach included 17 million rows of customer information from a jobs portal. The candidate’s name, login name, password, e-mail address, nationality, address and mobile phone number had been illegally acquired.

Other data breaches included two sets of data from the Malaysian Medical Council, Malaysian Medical Association (MMA), Malaysian Dental Association, and housing loan applications. They contained information about MyKad numbers, e-mail addresses, mobile phone numbers, contact numbers, blacklist status, addresses, jobs, employers, salaries and their spouse’s details.

So, what would it take for you to care about your personal details being stolen?

Source:

1. Malaysiakini: Website selling personal data is being investigated under PDP Act

(Mariam Mokhtar is a Freelance Writer.)