PETALING JAYA: The leak involving Astro customers’ data, which was offered for sale on the Low Yat forum for as low as 45 sen a record, only involves IPTV (Internet protocol television) customers, says the broadcaster.

“Firstly, this relates to IPTV customers provisioned by Maxis only.

“The management of IPTV customers is a joint responsibility between Astro and its telco partner, Maxis Broadband Sdn Bhd.

“No other Astro customers were affected,” the company said in a statement issued yesterday to clarify media reports concerning the unauthorised disclosure of Astro IPTV customer data.

Astro was made aware of the incident on Jan 26, it added.

“On the same date we sought assistance from MCMC (Malaysian Communications and Multimedia Commission) and had the search engine provider remove the link.

“All traces of customer data online were immediately removed. Subsequently, Astro lodged a police report on Feb 8,” the company said.

Protecting customer data was of utmost importance to Astro and it had complied with all data protection protocol and obligations, the statement added.

“In any case, we have revalidated all our security measures and confirmed that they are intact.

“It has now come to our knowledge that this data has resurfaced and Maxis was promptly requested to help with the investigation.

“We lodged a second police report today (yesterday), informed MCMC and will also lodge a report with the Department of Personal Data Protection,” the company said.

Lowyat.net claimed that the personal data of Astro customers were offered for sale online.

The technology news portal said yesterday that the data was being sold for RM4,500 for 10,000 records or 45 sen a record.

The seller was offering 60,000 Astro IPTV customer details, including the names, installation addresses, identity card numbers, mobile phone numbers, equipment and portal ID numbers, as well as information on the subscribed packages.

Lowyat.net stumbled upon the same person selling 50,000 records back in January, although at that time it was being sold for RM3,000 for 10,000 records.

It also claimed that it notified Astro about the data breach back then, with Astro assuring it that the broadcaster took protection of customer data seriously.

Lowyat.net said it had also alerted the relevant authorities about its findings.

“We are once again calling out to all organisations to ensure that they exercise due care and diligence in ensuring the safety of the personal data that has been entrusted to them,” it said.

In October 2017, the personal details of some 46.2 million mobile service subscribers in Malaysia were leaked online in what was believed to be one of the largest data breaches ever in the country.