KUALA LUMPUR: The Personal Data Protection Department is investigating the latest data breach involving more than 220,000 organ donors and their next-of- kin.
Its commissioner Khalidah Mohd Darus, in a statement, said the department is attending to and investigating the “serious incident” under the Personal Data Protection Act of 2010(Act 709).
The breach which was reported by tech forum Lowyat.net, yesterday, stated that personal details of organ donors and their next-of-kin have been leaked online since Sept 2016.
The latest breach comes on the heels of an earlier exposè by the same website which stated that the personal data of 46 million Malaysian telco subscribers had been stolen and were being sold online.
“While the total number of records of this leak is nowhere near the massive amounts of data leaked in the mobile telco data breach that we reported back in October 2017, this leak contains one very serious implication where it reveals personal information of a nominated next-of-kin."
“This doubles up the actual number of records leaked to 440,000, and also links two individuals to each other in a binding relationship — whether it may be husband/wife, siblings or parental,” Lowyat.net stated in the latest report.
The leaked files were updated on Aug 31, 2016 and carry complete listings of a donor’s MyKad details, contact number, home address, organs which will be donated as well as the information pertaining to the next-of-kin.
The report also said the leaked data has sign-up details from government hospitals as well as the National Transplant Resource Centers across Malaysia.
The online forum explained that this meant that the information was originally retrieved from a central database, and that the files were first uploaded online to a popular file sharing service on September 29, 2014.
It stated that all data from 1997 to 2008 was auto filled with dummy data rendering the dump useless. However the data dump from January 2009 to August 2016 carries complete personal details of around 220,000 individuals who have signed up as organ donors, as well as the details of their next of kin.
The file dump also includes a yearly breakdown of demographic data of all organ pledgers by sex, race, origin, types of organs as well as age groups.
Lowyat.net said it has already alerted the Personal Data Protection Department of the alleged data leak before the report had been published.
In November, police stated that they were tracking down the owner of an e-mail account as part of the investigation into the massive online data breach, that was reported by the website in October.
An online news portal claimed that after analysing the data from the breach, it concluded that the data might have been destined for the Malaysian Communication and Multimedia Commission's (MCMC) Public Cellular Blocking Service (PCBS) system.