University Malaya (UM) has been reported to suffer a massive data breach. UM and the Personal Data Protection Department (JPDP) mentioned they are aware of the report and are looking into the claim. Personal data of UM academics and non-academics were leaked on an anonymous file-sharing website. These data include the aforementioned staff’s bank account details, and payslips, according to Technology portal Lowyat.net in Friday (Oct 19).
The first section of the leaked data comprises of payslip details such as account numbers, bank names, MyKad and staff ID numbers which conformed to staff names. The second section comprises of EPF numbers, Employees Tax (IRB), branch location, position, salary information, up to 24,000 login IDs and hashed passwords. The source of these details is presumed to be from UM’s E-Pay Cashless Payment and Records portal.UM made a statement on Friday afternoon claiming that no data was comprised when the E-Pay portal was defaced. Before it was taken down, the defaced portal carried a protest message that included hashtags #UndurVC and #NoRasis.
A Malaysian Communications and Multimedia Commission (MCMC) spokesman said the regulatory body will only provide technical assistance upon request. The Star sighted a sequence of WhatsApp messages spread by students warning others not to access any of UM’s portals for the next 24 hours claiming logging in the portal might put their information at risk considering more than one of UM’s portal have been hacked.
Condition Zebra as an International IT security services, Training and Certification provider would like to advice all organisations to strengthen their infrastructure’s cyber security. Cyber-attacks will cause more damage than the cost of executing the right cyber security measure. All organisations are advice to conduct penetration testing at least once a year. Cyber-attacks impact not only economically, it will also lead to reputational damage and legal consequences of cyber breach. Therefore, as a committed organisation, Condition Zebra would like to offer a FREE penetration test to organisations so they can find out vulnerabilities within their system infrastructures. Claim your FREE penetration test here.
You also can speak to one of our consultants to learn more on how you can strengthen your security measures. It is better to be safe than sorry.