Last Friday (18th October), a breach of security occurred on the university’s servers run by University of Malaya (UM). It caused massive panic among the university’s personals and students as messages were passed around warning others about the hack.
The university initially denied any of their data or information were compromised during the breach. However, a file was found several hours later, in an anonymous file-sharing – containing information involving the academic and non-academic staffs of the university.
According to tech website Lowyat, the first part of the leaked data contained payslip details such as bank names and account numbers, which were matched to staff names, as well as MyKad and staff ID numbers.
The second part was somewhat smaller in size but contained additional confidential information of Employees Tax (IRB) numbers, EPF numbers, department, branch location, position as well as salary information.
The discovery also include 24,000 email ID’s alongside hashed login credentials inside the second part, with Lowyat strongly believing that the login credentials was part of the E-pay website, also run by UM, defaced in the day before.
The person or group that have come forward to claim the responsibility for breath called themselves, MrX. In a Facebook post made by MrX, they criticised the security measures of UM towards the protection of their data, using words like “Nothing is secure” as part of their critism.
Despite the breach, MrX have claimed that they have no ill will towards the students however claiming that “We are love All UM student “. The breach have prompted the investigation by the JPDP, Personal Data Protection Department, who state they are currently looking into the report regarding the matter.
On the other hand, a new post yesterday made by MrX have left many nervous with them ending the post with “Next target. You are never stop it.” as if to indicate their intention to hack another institution or organisation.