public warned against checking for data breach
The public has been reminded to not participate in any cyber security check for data breach that are conducted by independent online researchers, following the recent outcry which involved 46.2 million data that was compromised and sold to online portals in October.
SysArmy Sdn Bhd CTO Alan Yau said that the public should be aware of independent cyber security researchers that had set up websites online with the pretext of checking if users’ data were compromised.
He said the public should take extra care, especially when personal information are disclosed to such bogus online services.
“It is actually a crime for a person to go through third parties to check if his or her data has been breached,” he said during the launch of SysArmy’s new security programme yesterday.
The 46.2 million data that was compromised include personal information of Malaysian members from Jobstreet.com, the Malaysian Medical Council, the Malaysian Medical Association, Academy of Medicine Malaysia, the Malaysian Housing Loan Applications, the Malaysian Dental Association, as well as the National Specialist Register of Malaysia.
Data security experts, Halo-data Infokom Sdn Bhd CEO Resham Ganglani said that disclosing data to an unknown source could lead to another data breach.
“Let’s just say that you were not affected by the leak, but by giving out your information you are voluntarily exposing your data to these unknown third parties,” he said.
Explaining that they are not simply pointing fingers at these third parties who may sincerely want to help, Yau said it is best to let the authorities handle it.
“We must all follow the policies and procedures according to the law, given the sensitivity of the case. Those who believe that they are at risk should change their passwords and even SIM cards,” he said.
Yau said that from all the data leaked, his biggest concern was the data of the Malaysian Housing Loan Applications site.
“Information such as spouses’ names, salary slips and occupation is vital when applying for loans and such,” he said to The Malaysian Reserve (TMR).
CyberSecurity Malaysia CEO Datuk Dr Amirudin Abdul Wahab, however, declined to comment on the data breach of CIMB Group Holdings Bhd’s “magnetic tapes” that was reported missing by papers on Tuesday.
He advised businesses to be vigilant as the earlier 46.2 million data breach is still under police investigation.
“Every organisation whether big or small that holds data, should always practise security and disclosure,” he said to TMR.
SysArmy believed that a large number of small and medium-sized enterprises (SMEs) do not realise the importance of cyber security. The company recently released a security programme targeting SMEs specifically.
“As a company moves into the digital era, they must ready themselves, it is important to have a safety plan,” Yau said.
He added that the reason why SysArmy came up with SysArmy Cybersecurity as a service and customised plan according to their needs is because some SMEs’ find it difficult to understand the whole concept.
“The prices are affordable and we provide everything — including the setting up of firewalls, drafting policies and learning sessions for owners and staff,” he said.