By LYDIA NATHAN
The 46.2 million records, comprising mainly personal and telecommunication details, which were leaked recently, are being sold at about RM32,000 or the price of one bitcoin, said a regional cyber security services provider.
Quann Malaysia Sdn Bhd said the data comprises postpaid and prepaid numbers, customer details, addresses and SIM card information, including unique international mobile equipment identity and international mobile subscriber identity numbers.
Quann GM Ivan Wen said it is impossible to stop the leaked data from being sold unless the companies are asked to pay a ransom.
”However, paying a ransom does not guarantee that the data will not be leaked. As such, we do not encourage companies to do so. This extremely attractive pricing for so much data will lead to a rise in the number of buyers who are confident they cannot be tracked,” he said in a statement.
The company said it was unclear if a ransom had been demanded from telecommunication providers, but the use of bitcoin as the method of payment means any company or person could anonymously purchase the whole list.
While bitcoin actual transactions are transparent, identities of the seller and buyer remain anonymous and cannot be tracked.
Wen said more should be done to deal with the spiralling number of worldwide ransomware demands.
“Only a few countries have a proper Know Your Customer regulations with bitcoin purchases.
We hope that regulators and policymakers will take action to put in more defined processes and regulations, for example in the upcoming cyber security law, to track the purchase and dealings in bitcoin among Malaysians, so that fraudulent data purchases can be tracked,” he said.
He said any company or group found purchasing the leaked data should be apprehended and charged accordingly.
Wen also advised the public who have not changed their SIM cards in 2014 to do so immediately, adding that even though the SIM cards could not be cloned, the data already breached was enough to cause substantial damage.
Meanwhile, he said Bank Negara Malaysia (BNM) can lead by example and put an end to fraudulent purchases of these leaked data.
“The Malaysian Communications and Multimedia Commission is most well equipped to aid BNM in drafting air tight regulations to stop fraudulent buying,” he said.