Being the biggest bank in the country, the news of Maybank’s alleged data leak has definitely caused huge concern among the public to the extent that it has received swift attention from the authorities. The bank has since said that the data leak claims are false.
In a statement that was sent to Lowyat.NET earlier today, Maybank said that it has completed the internal investigation on the matter and found that the claims were not true. Here is the said statement, reproduced in full:
Following the conclusion of our investigation into the allegation by a third party regarding a purported customer data leak, Maybank can confirm that these claims are false. The Bank would like to reassure its customers that their data remains secure and private and that no customer data has been compromised. Maybank will continue to prioritise its cyber security and data protection measures as customer data protection is of utmost importance to the Bank.
A version of it was published on the bank’s Twitter as well. For those who missed the news, a listing at a database marketplace forum dated 25 December was offering a database with 1.8 million lines that were allegedly sourced from Maybank. In the same listing, the seller was also offering two other datasets from Astro and Election Committee (SPR) that were said to contain 10.7 million lines.
A few hours after the existence of the listing was known to the masses yesterday, Maybank has publicly addressed it by releasing a statement saying that the bank has not experienced any data breach and it already initiated an internal investigation. Not long after that, Communications and Digital Minister Fahmi Fadzil noted in his statement that the initial investigation found that the account numbers contained within the sample data in the listing were invalid.
The minister also said that a restriction notice has been submitted to the Malaysian Communications and Multimedia Commission (MCMC) in order to block the public from accessing the marketplace forum. We actually already encountered the blockage way before the statement was released to the public although those who are tech-savvy enough can easily overcome it and our quick check showed that the listing is still up on the marketplace forum at the time this story is published.
Even though the bank said that the data leak claims were false, let’s not forget the “Maybank” database inside the listing still contains someone’s personal data. So, we reckoned that the authorities still have to continue their investigation in order to trace the origin of the databases that were featured in the listing and take appropriate actions.