Cyber Incident Victim: Universiti Teknologi Mara

On January 25, 2019, reports emerged that Universiti Teknologi Mara (UiTM), Malaysia's largest public university by enrollment, suffered a significant data breach exposing personal records of over 1.1 million students and alumni. The compromised dataset contained 1,164,540 individual records spanning enrollments from 2000 through 2018 across UiTM's nationwide network of campuses. Leaked information included highly sensitive identifiers such as full names, Malaysian identity card numbers (MyKAD), home addresses, personal email addresses, and mobile phone numbers. Academic details were also exposed, encompassing student IDs, campus codes and names, program codes, and course levels. The breach impacted individuals affiliated not only with UiTM's primary Shah Alam campus but also those enrolled at its 13 state-level branch campuses distributed across Malaysia.

The incident extended beyond UiTM's directly administered institutions to include students from eight external colleges offering UiTM-accredited programs: Kolej INPENS, Kolej Yayasan Terengganu, Kolej Yayasan Pelajaran Johor, Institut Yayasan Bumiputera Pulau Pinang, Kolej UNITI, Kolej Chermai Jaya, Kolej Lagenda Langkawi, and Institut Teknologi Perak. Exposed MyKAD numbers and residential addresses created substantial risks of identity theft and financial fraud for affected individuals, given the national identity document's centrality to financial and governmental transactions in Malaysia. The 18-year span of compromised records meant both current students and decades' worth of alumni faced potential exploitation of their personal data. No technical details regarding the breach mechanism, responsible actors, or institutional response were disclosed in initial reports. The dataset appeared on publicly accessible online platforms, though the specific dissemination channels and duration of exposure prior to discovery remained unconfirmed.