Data Breach Involves 13 Million Users Of Maybank, Astro, and EC

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Jan 03, 2023 02:47 am PST

Fahmi Fadzil, Malaysian Communications and Digital Minister, has launched an investigation into an alleged significant data breach impacting over 13 million individuals. Fadzil directed the national cyber security to investigate and take legal action if there is a data leak involving the parties involved. Satellite broadcaster Astro and the Election Commission claimed that data from the Maybank satellite had been leaked.

Maybank, Malaysia’s largest financial services firm, refuted the reported claim of a customer data breach on Saturday. “After inquiry, it finds that these charges are unfounded,.” He further stated that he reassures them that their data is safe and confidential and that the customers’ information was not breached. Also, “We will continue to prioritize our cyber security procedures since protecting client data is critical to us,” according to the bank.

The leak was discovered after a Facebook user named Pendakwah Teknologi tagged Fadzil and posted information about the data leak. He uploaded images of data from the compromised forum, including username, name, surname, date of birth, address, and Identification numbers.

The suspected breach forum post was posted on Christmas day, December 25, 2022, and stated:

  • 3.5 million Astro records were compromised;
  • 1.8 million MAYBANK records were compromised; 
  • 7.2 million SPR records were compromised.

Fadzil responded to Pendakwah Teknologi’s tweet by saying, “This is a significant claimed data leak involving a substantial quantity of data. I shall request that CyberSecurity Malaysia, Malaysia’s Personal Data Protection Department, investigate whether there has been a data leak involving the parties involved and take appropriate legal action.” On December 26, 2022, ThreatMon, a cyber threat intelligence platform, discovered the leak.

Restriction Issued To Block Public Access To The Website

Fadzil stated on Friday that the Ministry of Communications and Digital, in partnership with CyberSecurity Malaysia, is collecting comments from Maybank and Astro to ensure the legality of data ownership. According to the minister, the suspected data breach may allude to an incident that occurred in 2018. According to the inquiry, the Maybank account number information on the website in the issue was either erroneous or non-existent.

Concerning the data regarding the Election Commission, Fadzil stated that the findings of the inquiry would be sent to the National Cyber Security Agency for further action because it falls beyond the purview of Act 709. The minister also said a restriction notice had been sent to prevent the public from accessing the alleged website where the content was uploaded by the Malaysian Communications and Multimedia Commission.

Data Breaches In Malaysia In The Last 24 months

Over the previous two years, data breaches have become increasingly common in Malaysia. KUALA LUMPUR, Malaysia — Another data hack has affected Malaysians. This time, a banking institution, a multimedia and broadcast business, and a government election agency were accused of selling millions of personal records online.

According to the latest claim, the leaked datasets comprise the entire names of around 13 million voters obtained from the Election Commission (EC) and Maybank and Astro Malaysia customers, as well as their MyKad numbers, residences, and mobile phone numbers. In the previous two years, such instances have become increasingly common.

Here, Malay Mail presents some of the significant data breaches that occurred in 2021, putting the nation’s cybersecurity to the test even as the country prepares to adopt 5G broadband networks.

December 30 – Fahmi Fadzil, Malaysia’s Communications and Digital Minister, has charged two agencies with investigating the new data leak accusation involving 13 million users from Malaysia’s largest bank, Maybank, the EC, and satellite broadcaster Astro.

The stolen data was put on a popular online database marketplace, where the vendor requested that interested parties approach them directly over Telegram or utilize the forum’s direct messaging facilities to complete the transaction.

According to, a separate listing appeared on the same day in which the seller claimed to have a personal database of Unifi’s mobile subscribers. The seller requested US$850 (RM3,752) for the deal.

November 28 – An ad was posted on a well-known hacking community forum claiming to sell a 2022 database of 487 million WhatsApp user mobile numbers, 11 million of which are Malaysian numbers, according to several sources.

Accounts from 84 countries are included in the breach. According to the source, Egypt has the most hacked accounts (44,823,547), Italy has 35,677,323, and the United States has 32,315,282. Malaysia ranks 12th with 11,675,894 people.


Malaysian agencies, including the Personal Data Protection Department, have been tasked with investigating a suspected data leak from Maybank, Astro, and the EC. Fahmi Fadzil, Minister of Communications and Digital, said the breach is dangerous since it contains a large amount of information. Fahmi stated this while sharing a Twitter post emphasizing the breach of 13 million Malaysians’ data. The data includes usernames, full names, dates of birth, residences, and identity card numbers, according to the post.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x