KUALA LUMPUR: A probe will be carried out by Universiti Teknologi Mara (UiTM) to look into claims that more than a million of its students’ personal data have been leaked online.
Its vice-chancellor Professor Emeritus Datuk Dr Hassan Said said the university would be conducting the investigation to ensure no one from UiTM was involved in the breach.
UiTM, he said, would not hesitate to take legal action against the parties found responsible.
“The screenshot which was published in a blog today was in a format that is not used by any of UiTM’s systems.
“This shows that the information has been processed and manipulated by unscrupulous parties which also confirms that the information has not been generated straight from the UiTM system but as a result of hacking.
“Hence, UiTM believes the system is still sound, safe and reliable,” he said in a statement here today.
This confirms Lowyat.net’s suggestion that they were “we are fairly certain that the database did not originate from any of UiTM’s online services.”
The tech portal that exposed the breach in a report published today had ruled out the possibility that the data was “obtained by exploiting an online security flaw”.
Its sources claimed that the data breach happened between February and March 2018, and that UiTM was aware of the breach but did not reveal it to the public.
The report cited that the records of 1,164,540 students – mainly those who enrolled between 2000 and 2018 – have been compromised.
The leaked data includes details like student name, MyKad number, house address, email address, campus codes, campus names, programme codes, course levels, student ID and mobile numbers.
It also stated that the records belong to students from UiTM campuses around the country, including the main campus in Shah Alam, Selangor.
Also affected were students who enrolled in UiTM accredited courses at external colleges like Kolej Yayasan Terengganu, Institut Teknologi Perak and Institut Yayasan Bumiputera Pulau Pinang.
Meanwhile, Hassan had also said that the university took matters related to the information and communications technology of the university seriously while adding that it has a comprehensive policy on ICT safety to protect personal data and official information from being accessed without authorisation.
He said UiTM standards of ICT safety was on par with similar institutions and organisations in Malaysia and this was proven by its ISMS (Information Security Management System) ISO 27001: 2013 accreditation from Sirim Qas International a week ago.