This comes months after an earlier report by the same website claiming that the personal data of millions of Malaysians had been stolen and was being sold online.
“While the total number of records of this leak is nowhere near the massive amounts of data leaked in the mobile telco data breach that we reported back in October 2017, this leak contains one very serious implication where it reveals personal information of a nominated next-of-kin.
“This doubles up the actual number of records leaked to 440,000, and also links two individuals to each other in a binding relationship — whether it may be husband/wife, siblings or parental,” Lowyat.net said in its latest report.
The online forum said that the leaked files are updated up to August 31, 2016, and contain complete listings of a donor’s MyKad details, contact number, home address, organs which will be donated as well as the information pertaining to the next-of-kin.
Lowyat.net pointed out that the leaked data contains sign up data from government hospitals as well as the National Transplant Resource Centers across the country.
The online forum explained that this meant that said information was originally retrieved from a central database, and that the files were first uploaded online to a popular file sharing service on September 29, 2014.
“The data dump is divided into files, by year of sign up — from 1997 till 2016, however, for reasons we are not able to ascertain, all data from 1997 to 2008 is filled with auto generated dummy data, rendering them useless.
“The data dump from January 2009 to August 2016 however contains complete personal details of around 220,000 individuals who have signed up as organ donors, as well as personal details of their next of kin,” the report added.
What is alarming is that the file dump also includes an annual breakdown of demographic data of all organ pledgers by sex, race, origin, types of organs as well as age groups.
Lowyat.net said it has already alerted the Department of Personal Data Protection of the alleged data leak before the report was published.
The Malaysian Communications and Multimedia Commission (MCMC) has yet to comment on this leak at the time of writing.
In October, the MCMC had instructed the forum to take down the article on October 19 soon after it was published. The regulator later explained in a statement that the order to take down the report as a “preventive measure”.
Lowyat.net then restored the original article on October 20 with MCMC’s approval.