In reference to our report this morning on the sale of customer information, Astro, has confirmed via an official media statement that only IPTV customers provisioned by Maxis are affected. The statement further clarifies that all other Astro customers data are not affected in any way, and no financial data was disclosed.
The statement also confirms the original incident that we highlighted to them on 26th January 2018, and the subsequent action that was undertaken by Astro to remove the links, as well as filing reports with the MCMC, and the police.
Astro reiterates that protecting their customer data is of utmost importance to them and they have complied with all data protection protocols and obligations. They also have revalidated all their security measures and confirm they are intact.
While we do commend Astro for their prompt action, as well as admission of the data breach, we still believe the actual victims here are the individuals who have had their personal data exposed without their consent. We strongly urge either Astro or Maxis to take the necessary steps to inform their individual customers affected by this data breach incident, so that they may take the necessary steps to ensure that their personal details are not abused by any unauthorised parties.
Original Media Statement from Astro
Astro would like to clarify media reports concerning the unauthorised disclosure of Astro IPTV customer data. Firstly, this relates to IPTV customers provisioned by Maxis only. The management of IPTV customers is a joint responsibility between Astro and its telco partner, Maxis Broadband Sdn Bhd (Maxis). No other Astro customers are affected.
Astro was made aware of this incident on 26 January 2018. On the same date we sought assistance from MCMC and had the search engine provider remove the link. All trace of customer data online was immediately removed. Subsequently, Astro lodged a police report on 8 February 2018.
Protecting our customer data is of utmost importance to us and we have complied with all data protection protocols and obligations. In any case we have revalidated all our security measures and confirm they are intact.
It has now come to our knowledge that this data has resurfaced and Maxis was promptly requested to extend its assistance with the investigation. Astro lodged a second police report today, informed MCMC and will also lodge a report to the Department of Personal Data Protection.
We are working closely with the authorities to address the issue. We confirm no customer financial data was disclosed. We are also working with Maxis to carry out additional forensic investigations.
We will provide an update once we receive more information from the authorities. Meanwhile, we will remain vigilant in our data protection efforts in protecting our customers’ data.