A massive data breach that had reportedly hit a prominent Malaysian university has resulted in personal data of over one million people being leaked online.

As per reports, personal details of over one million students and alumni of the UiTM Universiti Teknologi Mara have been breached and leaked online. This breach has reportedly occurred between February and March last year and had impacted students who were enrolled between 2000 and 2018 for different courses.

A report by Lowyat on the incident reads, “A total of 1,164,540 records, belonging to students who enrolled for various courses at Universiti Teknologi Mara (UiTM) between 2000 and 2018 has been breached and leaked online.”

The report further says, “The leaked data includes detailed records of students from the UiTM main campus in Shah Alam, as well as its 13 autonomous state campuses around the country. Also affected in the data breach are students who have enrolled for UiTM accredited courses at external colleges – namely Kolej INPENS, Kolej Yayasan Terengganu, Kolej Yayasan Pelajaran Johor, Institut Yayasan Bumiputera Pulau Pinang, Kolej UNITI, Kolej Chermai Jaya, Kolej Lagenda Langkawi and Institut Teknologi Perak.”

The personal details that were reportedly leaked online include names, Student ID, Address, Email Address, MyKad Number, Campus codes, Campus names, Program codes, Course level details and Handphone numbers as well.

The leaked database, it’s reported, doesn’t seem to have originated from any of UiTM’s online services. “Based on the data dump that we have examined, we are fairly certain that the database did not originate from any of UiTM’s online services, ruling out the possibility that it was obtained by exploiting an online security flaw,” reads the Lowyat report.

The Star meanwhile reports that as per clarifications made by the UiTM vice-chancellor Emeritus Professor Dato’ Dr Hassan Said, the university takes cybersecurity seriously. The report also states that the vice-chancellor, in a statement released on January 25, has said that the university’s Information Security Management System ISO 27001:2013 certificate awarded in January by SIRIM QAS International Bhd proves that its level of cybersecurity is at par with other organizations in Malaysia. He has reportedly pointed out that the formatting of information on tech portal Lowyat.net also shows that the database is not from any of UiTM’s internal systems.

The Star report, referring to the statements made by the vice-chancellor, says, “This shows that the information has been edited or manipulated by irresponsible parties, and proves that the information is not gleaned from a hack of UiTM’s systems, he insisted, thus UiTM is confident that the systems it has in place are secure, safe and trustworthy.”

The report also adds, “UiTM says it is also performing an internal investigation to ensure that there has been no wrongdoing by any UiTM staff. Should any proof of wrongdoing be found, UiTM will not hesitate to take legal action against the responsible party.”

The Lowyat report, however, makes this concluding remark- “According to our sources, who wish to remain anonymous, the data breach happened between February and March 2018, and that UiTM is aware of the breach but has yet to issue any official statements.”

Post a comment