Astro hit by 2nd data breach in 14-month period

Less than 0.2% of its customers are affected and the company is in the process of informing them, says Astro


FOURTEEN months after reporting a data breach which compromised 60,000 of its customer details, Astro Malaysia Holdings Bhd said it suffered another incident yesterday.

The satellite television (TV) operator said on its website that it discovered unauthorised access to customers’ MyKad data including name, identity card (IC) number, date of birth, gender, race and address.

Astro said less than 0.2% of its customers are affected and the company is in the process of informing them.

“Please be assured that no financial data of our customers have been disclosed. We addressed this incident immediately and stopped the unauthorised access,” it said in a notice published on its website yesterday.

In June last year, Astro said up to 60,000 Astro IPTV (Internet Protocol TV) customers’ details, which were specifically provisioned by Maxis Broadband Sdn Bhd, were leaked.

Details such as names, installation addresses, IC numbers, mobile numbers, equipment and portal ID numbers, as well as information on the subscribed packages were compromised. The customers’ data were sold online at RM4,500 for 10,000 records or 45 sen a record.

According to the latest financial results statement, Astro said the group entertains and engages with 5.7 million households and 23 million individuals.

On the latest case, Astro said the firm has informed the police, Malaysian Communications and Multimedia Commission (MCMC) and the Department of Personal Data Protection (JPDP).

Astro said it is working closely with the authorities to address this issue.

“We are not able to comment on the incident to facilitate ongoing police investigations. We take the protection of our customers’ personal information seriously and have taken steps to enhance and further strengthen our security,” the group added.

When contacted, MCMC confirmed that Astro had informed the regulatory body.

Cybersecurity expert Fong Choong Fook, when contacted, said the latest case is “hardly surprising” as perpetrators behind data breach cases in Malaysia are still not being charged for the offence.

“More surprising is, so far, that no one gets prosecuted since the last telecommunications data leak. It was bigger than this case,” Fong told The Malaysian Reserve.

Malaysia was rocked by the largest data breach incident in October 2017, when it was reported that 46 million personal records including IC numbers, addresses and mobile numbers were leaked.

In December 2018, customers of CIMB Bank Bhd complained that their accounts were hacked in relation to transactions via the bank’s online portal CIMB Clicks.

The country’s second-largest bank has denied any security breach over the alleged incident.