UiTM says data leaked online did not come from its system


A UiTM building at Lembah Sireh in Kota Bharu, Kelantan. Over one million student records have been compromised in a massive data leak. — SAZUKI EMBONG/The Star

A UiTM building at Lembah Sireh in Kota Bharu, Kelantan. Over one million student records have been compromised in a massive data leak. — SAZUKI EMBONG/The Star

Universiti Teknologi MARA (UiTM) vice-chancellor Emeritus Prof Datuk Dr Hassan Said says the university takes its cybersecurity seriously, having a comprehensive security protocol that covers components from protection of private and official information from unauthorised parties. 

In a statement released on Jan 25, he adds that the level of cybersecurity for UiTM is on par with other organisations in Malaysia, as proven by its Information Security Management System ISO 27001:2013 certificate awarded by SIRIM QAS International Bhd, in January.

The screen shot displayed in tech portal LowYat.net's earlier report shows formatting of information that is not used or generated by any of UiTM's internal systems, he added.

This shows that the information has been edited or manipulated by irresponsible parties, and proves that the information is not gleaned from a hack of UiTM's systems, he insisted, thus UiTM is confident that the systems it has in place are secure, safe and trustworthy. 

UiTM says it is also performing an internal investigation to ensure that there has been no wrongdoing by any UiTM staff. Should any proof of wrongdoing be found, UiTM will not hesitate to take legal action against the responsible party.

Lowyat.net had earlier reported that records of 1,164,540 students – mainly those who enrolled between 2000 and 2018 – have been compromised. 

The portal's report included screenshots which revealed personal details like student name, MyKad number, house address, email address, campus codes, campus names, programme codes, course levels, student ID and mobile numbers. 

The portal stated that the records belong to students from UiTM campuses around the country, including the main campus in Shah Alam, Selangor. 

It also stated that students who enrolled in UiTM accredited courses at external colleges like Kolej Yayasan Terengganu, Institut Teknologi Perak and Institut Yayasan Bumiputera Pulau Pinang are also affected. 

The data breach had apparently occurred between February and March 2018 according to Lowyat.net's anonymous sources.

Related story:
Records of more than a million UiTM students leaked online