PETALING JAYA: Universiti Malaya (UM) and the Personal Data Protection Department (JPDP) said they are aware of and are looking into a report claiming that the varsity has suffered a massive data breach.
Technology portal Lowyat.net on Friday (Oct 19) night reported that personal data of both UM academic and non-academic staff, including payslips and bank account details, were leaked on an anonymous file-sharing site.
The portal reported that the first part of the leaked data contained payslip details such as bank names and account numbers, which were matched to staff names, as well as MyKad and staff ID numbers.
The second part included Employees Tax (IRB) and EPF numbers, department, branch location, position, salary information, and up to 24,000 login IDs and hashed passwords believed to be from UM’s E-Pay Cashless Payment and Records portal.
In a statement on Friday afternoon, UM claimed that no data was compromised when the E-Pay portal was defaced.
The defaced portal carried a protest message that included hashtags #NoRasis and #UndurVC before it was taken down.
A Malaysian Communications and Multimedia Commission (MCMC) spokesman said the regulatory body will only provide technical assistance upon request.
On Friday, The Star sighted a series of WhatsApp messages circulated by students warning others against accessing any of UM’s other portals for the next 24 hours.
Some claimed that more than one UM portal had been hacked, and it’s likely to put their information at risk if they logged in.