#Privacy: Astro Malaysia Holdings breach compromised MyKad data


Malaysian satellite TV operator, Astro Malaysia Holdings, has revealed that customers’ MyKad data were breached in a data leak that took place at the company in August of this year.

The incident was the second data breach to have hit Astro in less than two years.

In the August leak, hackers were able to gain unauthorized access to Astro Malaysia Holdings customers’ MyKad data, compromising details such as names, addresses, dates of birth, race, gender, and NRIC numbers. As outlined in the notice published by Astro, the company has once again assured that financial data of their customers were not disclosed in the hack.

The company also confirmed that the total portion of impacted individuals from this incident remains at just 0.2%

Upon discovery of the incident, Astro worked quickly to notify relevant authorities and to shut down access to the compromised data. In addition, the company reached out to potential victims to provide further details of the breach.

Since reporting the incident, Astro has been working closely with the Department of Personal Data Protection, and the Malaysian Communications and Multimedia Commission to fully explore the intrusion and to develop stronger cyber-security infrastructures.

The media group has said that it is taking the necessary steps to mitigate a recurrence of such an incident. In a notice published on their website, Astro said:

“We are not able to comment on the incident to facilitate ongoing police investigations. We take the protection of our customers’ personal information seriously and have taken steps to enhance and further strengthen our security.”

“Astro regrets any concern or inconvenience this may have caused. We will continue to be vigilant in protecting our customers’ data,” the statement added.

In June 2018, Astro revealed that around 60,000 Astro Internet Protocol TV (IPTV) customers’ details that have been specifically provisioned by the Maxis Broadband Sdn Bhd had been leaked. Customer details including names, IC numbers, installation addresses, equipment and the portal ID numbers, mobile numbers, as well as the information on subscribed packages were compromised.

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/