A total of 1,164,540 records, belonging to students who enrolled for various courses at Universiti Teknologi Mara (UiTM) between 2000 and 2018 has been breached and leaked online.
The leaked data includes detailed records of students from the UiTM main campus in Shah Alam, as well as it’s 13 autonomous state campuses around the country. Also affected in the data breach are students who have enrolled for UiTM accredited courses at external colleges – namely Kolej INPENS, Kolej Yayasan Terengganu, Kolej Yayasan Pelajaran Johor, Institut Yayasan Bumiputera Pulau Pinang, Kolej UNITI, Kolej Chermai Jaya, Kolej Lagenda Langkawi and Institut Teknologi Perak.
Personal details in the breached data includes Student ID, Student Name, MyKAD Number, Address, Email Address, Campus Codes, Campus Names, Program Codes, Course Levels as well as Handphone numbers.
Based on the data dump that we have examined, we are fairly certain that the database did not originate from any of UiTM’s online services, ruling out the possibility that it was obtained by exploiting an online security flaw.
According to our sources, who wish to remain anonymous, the data breach happened between February and March 2018, and that UiTM is aware of the breach but has yet to issue any official statements.