TM’s entire customer database allegedly put up for sale

A database seller has claimed to have a massive database that belonged to TM. The seller also said that this database contained “TM’s entire customer data” and has since put it up for sale on a well-known database marketplace forum.

The seller claims that the database has millions of entries

TM Database Incident – 26 Jan 2024

The listing was first highlighted by The Star although the newspaper didn’t specifically mention its location. Nevertheless, we managed to pinpoint the listing given the description provided by the report.

According to the data sample that the seller attached to the listing, it has the user’s name, gender, address, and phone number alongside MyKad number, salary range, and marital status. The database even has the mother’s name as one of the data fields which we assumed is being used for security purposes.

TM Database Incident – 26 Jan 2024

There is also a field that was labelled as card number but we were not able to determine the type of card that is being associated to the data field. However, we also believe that these are not credit or debit card numbers.

Documentation for TM’s backend systems is also part of the deal

TM Database Incident – 26 Jan 2024

With a total file size of 80GB, the seller also has other materials to offer alongside TM’s customer data. Among them include documentation for the telco’s customer database architecture that was prepared by a local enterprise solution consultant, Vision Technology Consulting (VTC).

A quick check through the company’s corporate website has confirmed that it is indeed a supplier to TM. This is because the telco has honoured VTC with the Best System Integrator Supplier award back in 2022.

Aside from that, there is also another database which contains more than 120,000 Windows domain user hashes. Information regarding Operations and Maintenance (O&M), network architecture information, and lightweight directory access protocol (LDAP) data.

Could it be data from previous cyber breach incidents?

Unifi Mobile

If you can recall, TM encountered a major data breach incident back in December 2022 which affected over 250,000 Unifi Mobile customers. The company then faced another incident last July which also involved Unifi customers.

During the December 2022 incident, the types of data that were compromised consisted of customer names, phone numbers and e-mail addresses. The July 2023 incident also involved customer names as well as MyKad/passport numbers and contact details.

However, the sample data attached to the listing contained way more data types than both incidents. So, it is still unclear whether what we saw today is related to any of these data breach incidents.

TM did receive a ransom note, lodged a police report

TM Campus Cyberjaya

Meanwhile, it seemed that the database seller may have reached out to TM since there was a remark at the end of the listing which said that the telco company has the right of first refusal. This means that data will not be sold to other parties if TM bows down to the seller’s demand.

It is not known whether the telco made any payment to the seller but TM has confirmed that it has received a ransom note related to the listing. In a statement, the telco has already investigated the claims and found that the materials were “pre-processed, recycled, and dated,”.

TM has recently received a ransom note, which has prompted an immediate and thorough investigation to verify these claims. Our investigation revealed that the alleged materials are pre-processed, recycled and dated.

Nonetheless, we are treating the situation with utmost seriousness and are dedicated to resolving this issue with high urgency. Therefore, we have engaged the relevant authorities and have lodged a police report.

In the current climate where cyber security incidents are on the rise regionally, TM is steadfast in continuously fortifying our cyber defences and bolstering our resilience against such threats to ensure our customers’ data is secured and safe within our ecosystem. We adhere strictly to all applicable laws and regulations, ensuring that our practices meet the highest standards of security and responsibility.

To this end, we are continuously implementing advanced security measures and refining our security protocols to ensure the integrity and confidentiality of all information under our care.