Malaysian holdings company Astro suffered a data breach in which the attackers managed to access their customers’ MyKad data. Information that was compromised included names, date of birth, address, gender, race, and NRIC numbers. The company did confirm that no financial data was accessed, and they claim it only affected 0.2% of their customers. Shortly after being discovered, Astro moved quickly and they were able to shut the unauthorized operation down. Police, Malaysian Communications and Multimedia Commission, and the Department of Personal Data Protection have all been notified as well and they are all working closely on steps to address the issue. Their security parameters are being strengthened so these issues are prevented in the future. A portion of a statement released by Astro said, “We are not able to comment on the incident to facilitate ongoing police investigations. We take the protection of our customers’ personal information seriously and have taken steps to enhance and further strengthen our security.”
Analyst Notes
Since no financial information was accessed, users will not need to contact banks or other financial institutions but should still be monitoring their accounts. Passwords connected to their MyKad account should be changed.
