In a Facebook post, it urged students to make a police report if they spotted the hacker’s accounts, as the university's IT Department is closed for the weekend.
It also advised students to avoid logging in to UM websites or WiFi networks, and to change their email passwords.
The page also shared a screencap of a hacker's Twitter account with the username MrX who posted links to what’s claimed to be the data of UM staff.
One Twitter account belonging to MrX has already been shutdown, most likely after UMSU highlighted it.
A Facebook page with the same name claimed to be the hacker responsible for the purported attack and blamed UM for having poor security.
The person claimed that the fault should lie with the university for not prioritising security.
UM's E-Pay Cashless Payment and Records portal which was was defaced on Thursday (Oct 18) displayed a protest message that that included hashtags #NoRasis and #UndurVC before it was taken down.
Technology portal Lowyat.net on Friday (Oct 19) night reported that personal data of both UM academic and non-academic staff, including payslips and bank account details were leaked on an anonymous file-sharing site.
It said that the first part of the leaked data contained payslip details such as bank names and account numbers, which were matched to staff names, as well as MyKad and staff ID numbers.
The second part included Employees Tax (IRB) and EPF numbers, department, branch location, position, salary information, and up to 24,000 login IDs and hashed passwords believed to be from UM’s E-Pay portal.
At the point of writing, UM has yet to confirm or deny the data breach. And MrX claimed more info will be leaked on the text storage site.
What do you think of this article?