Cyber Incident Victim: UOB KayHian
Date: Oct 2022
Location: Malaysia
Summary
A Malaysian online stock brokerage firm experienced a cyberattack by DESORDEN GROUP, resulting in the exfiltration of approximately 160,000 customer records containing sensitive personal information such as full names, identification numbers, passport details, contact information, and dealer or back office user data. The attackers claimed they focused solely on data extraction without disrupting the firm's systems. Despite being notified of the breach, the targeted entity did not respond to communications from the threat actor or external inquiries regarding mitigation efforts. A security advisory posted by the firm around the time of the incident did not explicitly acknowledge the breach or confirm protective actions for affected customers.
Description
In October 2022, Malaysian stock brokerage firm UOB KayHian experienced a cyberattack claimed by the DESORDEN GROUP. The attackers reported accessing 159,807 records containing customer and internal user data, including full names, genders, religions, birthdates, nationalities, identity card (IC) numbers, passport details, email addresses, phone numbers, and physical addresses. Additional compromised information involved dealer records and back-office user details. DESORDEN stated they focused exclusively on data extraction without attempting file encryption, deletion, or system disruption. The group contacted UOB KayHian regarding the breach but received no response despite confirming the firm had read their communications. DESORDEN publicly disclosed the incident on a hacking forum in late October, ending a period of reduced public activity by the threat actor.

UOB KayHian did not acknowledge the breach publicly or respond to inquiries from media outlet DataBreaches following DESORDEN’s disclosure. On October 18, 2022, the firm published a generic security advisory on its website titled "Notice – UTRADE Security Advisory on Safeguarding Digital Privacy *NEW*," though no direct link to the breach was confirmed. DataBreaches noted concerns that exposed credentials and personal information in the stolen data—including usernames, passwords, and contact details—could facilitate unauthorized account access or targeted phishing campaigns against customers. The lack of explicit customer notification about the breach raised questions about mitigation effectiveness, as the advisory did not reference compromised data or recommend credential changes. DESORDEN maintained possession of the exfiltrated data, with no evidence of deletion or ransom demands disclosed in available reports.
