KUALA LUMPUR: The Communications and Multimedia Minister declined to comment on a news report that the massive data breach of Malaysian mobile subscriptions could be traced to a phone blocking service initiated by the Malaysian Communications and Multimedia Commission (MCMC).

“I don’t want to comment. Ask the MCMC,” Datuk Seri Dr Salleh Said Keruak told reporters in Parliament here on Monday.

Earlier Monday, an MCMC spokesperson said the ministry would address the issue in Parliament.

This follows a special report by news portal Malaysiakini that after analysing the data from the breach, it traced the source to the Public Cellular Blocking Service (PBCS).

In 2013, The Star reported that MCMC had appointed a company called Nuemera Sdn Bhd to manage the PCBS, which would render stolen handphones unusable within three hours of the owners reporting the devices missing. Even changing the SIM cards would not reactivate them.

All mobile service operators were told to install an Equipment Identity Register (EIR) so that the 15-digit International Mobile Station Equipment Identity (IMEI) code, a number unique to every phone, can be blacklisted if the device is reported stolen.

Each EIR was supposed to be linked to a Malaysian Central Equipment Identity Register (MCEIR), to which the IMEI codes of stolen phones would be forwarded, a telecommunications industry source told The Star at the time.

The source said all blacklisted IMEI codes would then be stored in the EIRs to render the phones unusable on any network and to block any attempt to reactivate the devices with new SIM cards.

Once blocked, the phone cannot ever be reactivated.

MCMC chief operating officer Mazlan Ismail told Malaysiakini that he could not answer if the leak and the PCBS were connected.

The data breach itself is believed to have occurred in 2014, but news only broke in October this year when an unknown person tried to sell the stolen data on the forums of technology news portal LowYat.net.

The data also includes private information of more than 80,000 individuals leaked from the records of the Malaysian Medical Council, the Malaysian Medical Association, and the Malaysian Dental Association, as well as users of recruitment portal JobStreet.

The MCMC and police are both investigating the breach, and earlier this month, Salleh Said said the probe was almost complete.

Inspector-General of Police Tan Sri Mohamad Fuzi Harun said police had identified the potential source of the breach.

“There is a possibility that this (the breach) occurred after several employees from a company tasked with transferring the data took advantage of the situation,” he told reporters on Nov 17.

While not disclosing much on the company, Mohamad Fuzi said the company itself was not involved in the breach.

“I can’t reveal everything at the moment, but we have leads as to how it happened. I believe we have identified those involved.

“Our investigations are still ongoing,” he said then.

This story has been amended to add comments made to Malaysiakini by MCMC