Hari ini, sekali lagi laporan berkenaan data breach dikeluarkan di Malay Mail dan NST Online. Di bawah merupakan laporan yang dipetik dari Malay Mail Online bertarikh 23 Januari 2018. Polis pula mengesyaki ianya dari sumber yang sama dengan kes kebocoran maklumat data telco. Seperti yang saya duga, kes tahun lepas ini bukan menjadi titik noktah kebocoran maklumat yang akan dilaporkan di media.
Adalah penting bagi pihak berkuasa melakukan tindakan untuk mendakwa mereka-mereka yang membocorkan data-data ini. Jika tidak, orang ramai akan risau tentang keselamatan rekod-rekod mereka yang disimpan oleh organisasi. Perkara sebegini bukanlah aneh di negara-negara lain, malah negara yang telah maju juga ada berlaku perkara sebegini.
Persoalan utama ialah adakah data ini dicuri dari luar organisasi atau ianya perbuatan orang dalam. Walau apa jua jawapannya, organisasi perlu lebih peka tentang keselamatan rekod dan data mereka. Terdapat pelbagai jenis guideline dan polisi untuk mengawal maklumat dari bocor, namun adakah organisasi 'practice' polisi ini dengan sebenar-benarnya atau sekadar melepaskan batuk di tangga. Pengurusan rekod yang sempurna meliputi juga aspek keselamatan rekod termasuk maklumat dan data dari dibocorkan. Jika kebocoran tetap berlaku, ini menunjukkan bahawa pengurusan rekod masih belum di tahap yang sepatutnya diamalkan. Lebih-lebih lagi jika ianya melibatkan organisasi besar.
Yet another data breach, personal details of over 200,000 local organ donors leakedored the original article on October 20 with MCMC’s approval.
KUALA LUMPUR, Jan 23 — The personal details
of around 220,000 Malaysian organ donors and their next-of-kin have
been leaked online since September 2016, tech forum Lowyat.net reported today.
This comes months after an earlier report by the same website claiming
that the personal data of millions of Malaysians had been stolen and was
being sold online.
“While the total number of records of this leak is nowhere near the
massive amounts of data leaked in the mobile telco data breach that we
reported back in October 2017, this leak contains one very serious
implication where it reveals personal information of a nominated
next-of-kin.
“This doubles up the actual number of records leaked to 440,000, and
also links two individuals to each other in a binding relationship —
whether it may be husband/wife, siblings or parental,” Lowyat.net said in its latest report.
The online forum said that the leaked files are updated up to August
31, 2016, and contain complete listings of a donor’s MyKad details,
contact number, home address, organs which will be donated as well as
the information pertaining to the next-of-kin.
Lowyat.net pointed out that the leaked data contains sign up data from government hospitals as well as the National Transplant Resource Centers across the country.
The online forum explained that this meant that said information was
originally retrieved from a central database, and that the files were
first uploaded online to a popular file sharing service on September 29,
2014.
“The data dump is divided into files, by year of sign up — from 1997
till 2016, however, for reasons we are not able to ascertain, all data
from 1997 to 2008 is filled with auto generated dummy data, rendering
them useless.
“The data dump from January 2009 to August 2016 however contains
complete personal details of around 220,000 individuals who have signed
up as organ donors, as well as personal details of their next of kin,”
the report added.
What is alarming is that the file dump also includes an annual
breakdown of demographic data of all organ pledgers by sex, race,
origin, types of organs as well as age groups.
Lowyat.net said it has already alerted the Department of
Personal Data Protection of the alleged data leak before the report was
published.
The Malaysian Communications and Multimedia Commission (MCMC) has yet to comment on this leak at the time of writing.
In October, the MCMC had instructed the forum to take down the article
on October 19 soon after it was published. The regulator later explained
in a statement that the order to take down the report as a “preventive
measure”.
Lowyat.net then restored the original article on October 20 with MCMC’s approval.
Read more at http://www.themalaymailonline.com/malaysia/article/yet-another-data-breach-personal-details-of-over-200000-local-organ-donors#qk1ZDqWkbbtfuXgw.99