Cyber Incident Victim: Astro
Date: Dec 2022
Location: Malaysia
Summary
A data leak allegedly exposed personal information of nearly 13 million Malaysians across a telecommunications provider, financial institution, and electoral body, with compromised data including login credentials, full names, dates of birth, addresses, and identity card numbers. The national communications ministry initiated an investigation through data protection and cybersecurity agencies, collaborating with the affected entities to verify the breach's legitimacy while blocking public access to the implicated website. Preliminary findings suggested some financial account details were invalid, potentially linking the incident to historical data. The electoral body's case was escalated to a national cybersecurity agency due to jurisdictional limits, while the financial institution denied experiencing a breach but confirmed ongoing scrutiny of the claims.
Description
On December 25, 2022, a website allegedly published data purportedly belonging to Malaysian entities Maybank, Astro, and the Election Commission (EC), prompting government investigation. The leak claimed to expose information of nearly 13 million individuals, including 3.5 million Astro subscribers, 1.8 million Maybank customers, and 7.2 million EC voter records, according to a Facebook post by "Pendakwah Teknologi" cited by Communications and Digital Minister Fahmi Fadzil. The exposed data reportedly included login IDs, full names, dates of birth, addresses, and national identity card numbers. Malaysia's Ministry of Communications and Digital (KKD) initiated an investigation through the Personal Data Protection Department (PDPD) and CyberSecurity Malaysia (CSM), formally contacting Maybank and Astro to verify the legitimacy of the data ownership claims. Maybank issued a statement confirming it was investigating the allegations while asserting it had not experienced a data breach.

Preliminary findings by authorities revealed discrepancies in the leaked Maybank account information, determining the displayed account numbers were invalid or non-existent as transactions could not be processed through them. Investigators noted the Maybank data might relate to a previous 2018 incident, though official confirmation from involved parties was required for comprehensive analysis under the Personal Data Protection Act 2010 (Act 709). The EC data breach allegations were referred to the National Cyber Security Agency (NACSA) for jurisdictional reasons, as election data falls outside Act 709's scope. The Malaysian Communications and Multimedia Commission (MCMC) received a restriction notice to block public access to the website hosting the alleged leaks. Minister Fahmi reiterated the importance of maintaining robust cybersecurity measures and compliance with personal data protection standards under existing legislation during the ongoing investigation. No additional technical specifics regarding the breach methodology, data exfiltration timeline, or Astro's internal findings were disclosed in the initial government statements.
