In October, a massive breach hit Malaysians that saw over 46 million records put up on sale on the dark web. Authorities said on Thursday (16 November) that they have identified several suspects that perpetrated the historic data breach.
Inspector-General of Police Tan Sri Mohamad Fuzi Harun told local reporters at a press conference that investigators were close to arresting the suspects, believed to be employees of an unspecified company, New Straits Times reported. According to local media reports, authorities believe the company may also be involved with moving the stolen data.
It still remains unclear as to how the breach occurred. Mohamad Fuzi reportedly refrained from disclosing what kind of data transfer took place. He also did not mention the source of the leak, telling reporters that authorities were still investigating.
“I cannot confirm the source of the leak, but we have leads on how it happened. (It was) not (the work of a) syndicate,” he reportedly said.
Earlier reports suggested the data leaked included users’ names, prepaid and postpaid phone number, addresses, customer details and SIM card data.
The dark web also reportedly contained databases of over 80,000 compromised records from the Malaysian Medical Council (MMC), the Malaysian Medical Association (MMA) and the Malaysian Dental Association (MDA).
Authorities are yet to specify how many people they suspect may be involved in perpetrating the breach.
“We have some leads pertaining to the case and we have identified those involved,” Mohamad Fuzi said. “Further action will be taken (against the alleged culprits).”
Meanwhile, The Star reported that some Malaysians affected by the breach have discovered that they are the victims of a “breach within a breach”. Some of them reportedly found that they were registered for new mobile phone numbers without their knowledge.
The Malaysian breach is not the first of its kind. Over the past few years, similar breaches have also affected the Philippines and Turkey.
In April 2016, hackers leaked around 55 million voters’ passports and fingerprints online. In July 2016, hacked records of nearly 50 million Turkish citizens were leaked by political hackers.