According to a Holmes report one of the biggest breaches in the last few years to plague companies are data breach.
This year’s biggest story was that the Marriott hotel one (in the wake of its merger with Starwood) which recorded the second largest breach in cyber security history, exposing some 380 million records.
Other breaches include those at Facebook (50 million), Quora (100 million) and Ticketmaster, all of which saw sensitive information accessed by attackers.
“Strict reporting guidelines (including GDPR in the EU, and comprehensive Federal and State laws in the US), mean that businesses are frequently reporting breaches.
So it’s a challenge for the likes of Marriott when serious breaches involving potentially sensitive data (passport and credit card details, amongst other information) occur, to encourage affected individuals to actually take notice, and more importantly, take action.
On the home front, similar occurrences are happening and there needs to be legal requirements compelling Malaysian companies to disclose data breaches, especially when personal information has been stolen.
With the increasing number of data breaches in the country, it is high time to make it mandatory for companies in Malaysia to disclose such incidents.
IBM Resilient cyber security and privacy program director, Gant Redmon, says a definitive law would remove any grey area on whether a company should or shouldn’t declare a breach.
One such solution has been the idea of a national digital ID which would be more convenient but it would also open up the possibility of more cybersecurity and data breaches.
Unless some kind of foolproof system can be set up protecting digital IDs from being breached to prevent social media accounts, mobile phone numbers as well as private accounts from being hacked.
According to the Star Online Facebook page more Malaysians were against the idea than for it.
Communications and Multimedia minister Gobind Singh Deo said that he remembers the massive data breach where over 46 million Malaysian mobile phone numbers were leaked all too often.
In his Facebook post recently he said that he has requested for reports on several incidents from his ministry including the data breach fiasco, the bot attack on handphones which occurred on election day as well as directives that were issued including the blocking of online portals on election night.
He also added that there would be a review of certain provisions in the Communications and Multimedia Act 1998 where proposals to amend them will be considered.
One of the biggest data breaches was reported by Lowyat.net last year with over 46 million numbers being leaked including prepaid and postpaid numbers, customer details, addresses as well as sim card information.
In addition there was also a breach in the Malaysian Medical Council (MMC), Malaysian Medical Association (MMA) and the Malaysian Dental Association (MDA)’s databases where 81,000 records were leaked.
These databases contained personal information, MyKad numbers, mobile/work/home phone numbers as well as work and residential addresses.
Therefore safeguard measures are much needed.