Cyber Incident Victim: redONE Network Sdn Bhd
Date: Sep 2022
Location: Malaysia
Summary
A Malaysian telecommunications provider with over 1.2 million subscribers and affiliated financial and insurance services suffered a cyberattack by the DESORDEN Group that compromised customer databases and source code. The attackers exfiltrated sensitive personal information including national identification numbers, addresses, and contact details, and subsequently launched a secondary breach targeting the company’s partnered financial and insurance programs. Independent verification confirmed the authenticity of the leaked customer records through the telecom’s own account validation system. DESORDEN issued an ultimatum threatening public sale of the stolen data unless contacted within a specified timeframe; approximately half of that deadline had elapsed at the time of reporting.
Description
On September 19, 2022, the DESORDEN Group claimed responsibility for a cyberattack targeting redONE Network Sdn Bhd, a Malaysian telecommunications provider with over 1.2 million subscribers. The company also offered financial services through its redCARD program, partnered with a bank, and insurance services via its redCARE program, partnered with an insurer. DESORDEN asserted that after redONE failed to respond to their initial demands, they executed a second attack on or around September 21, specifically targeting the redCARD and redCARE systems. The group disclosed that the breach compromised redONE’s databases and source code, exfiltrating sensitive customer information including full names, National Registration Identity Card (NRIC) numbers, addresses, phone numbers, and email addresses. DESORDEN published samples of the stolen data on a hacking forum, covering records from redONE, redCARD, and redCARE, with all three datasets containing NRIC fields.

Independent verification by DataBreaches confirmed the authenticity of the leaked data. Using redONE’s now-disabled online ID checker tool, investigators entered NRIC numbers from DESORDEN’s samples and corroborated matching account details, including Account IDs, activation dates, and termination dates for affected subscribers. DESORDEN issued an ultimatum to redONE, threatening to sell the stolen data publicly unless the company responded within 48 hours of their final communication. At the time of reporting, approximately 24 hours had elapsed since this demand, with no public acknowledgment or remediation steps disclosed by redONE. The breach exposed systemic vulnerabilities across redONE’s core telecommunications infrastructure and its partnered financial and insurance platforms, directly impacting customer privacy through the compromise of government-issued identification data.
