UPDATED: The Sad State Of Data Protection In Malaysia, Why You’re Getting Scam Calls & What We Should Do To Protect Our Data

Illustration by: Giacomo Bagnara

Update: So it was brought to my attention that the police investigation into Nuemera Sdn. Bhd. concluded with authorities clearing Nuemera of any wrongdoing. It turns out that after an extensive six month investigation (in which Nuemera had given its full cooperation to the police), there was insufficient evidence that Nuemera was the source of the leak. 


There seems to be data leaks happening left, right and centre these days. With the UM payment portal and petrol subsidy microsite recently hacked, it comes as no surprise to find out that a recent study by British tech website Comparitech on privacy and surveillance in 47 countries placed Malaysia as the fifth-worst country in terms of protecting the personal data of its citizens.

In case you forgot or perhaps didn’t know, Malaysia’s history with data leaks is as ironic as it gets. You see, back in 2017, there was a massive leak… from the very system that the MCMC had commissioned to stop that from happening. You see the irony? #OnlyinMalaysia

So if you’ve been the victim of scams or shady phone calls and you’ve been wondering how in God’s good name these people got your number, here’s how.

A company called Nuemera (M) Sdn Bhd was originally contracted to manage MCMC’s Public Cellular Blocking Service (PCBS), which was launched back in February 2014 as a means for stolen phones to have it’s calls, texts and even internet access blocked even if the perpetrator changed sims.

Sounds great, right?

Well in order to do that, the Malaysian Central Equipment Identity Register was created, which is basically a database of International Mobile Equipment Identity (IMEI) numbers. IMEI numbers are important because it allows authorities or whoever with the number, really, to identify mobile phones. Now, this would require all the telcos to give up the IMEI numbers as well as other personal data of it’s customers, which of course, they did. Fast forward to the data leak in 2017 and boom, you have your uptick of scam calls and what not.

The rest as they say, is history! How on earth did Nuemera manage to screw up this badly and expose the personal data of 46.2 million Malaysians? Only God knows. Of course, the government has since terminated its contract with the company and legal proceedings are currently underway.

If you’re wondering what the government are doing to ensure that we step up our game? Well, in an interview with The Star earlier this month, Minister of Communications and Multimedia Gobind Singh Deo  said that they’re currently looking at the European Union’s General Data Protection Regulation (GDPR) as a reference to come up with their own model for the country, which he hopes to table in Parliament by the mid 2020.

While the Government is taking steps in the right direction, individual users too, have a role to play. Kaspersky General Manager of Southeast Asia, Yeo Siang Tiong, had this to say:

“We highly encourage Malaysians to be more critical in giving out their personal data to another party, be it for work, business transactions, loan applications, education etc.  We should cross check how this data will be used, and more so how it will be kept or stored.” 

On top of that, he also encourages all Malaysian’s to practice the following precautions:

  •  Patching and updating software as soon as options are available
  • Encryption for sensitive data
  • Using strong passwords and 2-Factor Authentication
  • Reviewing access given to apps for data
  • Avoiding using public computers and Wi-Fi for critical transactions

Remember guys, data is an extremely valuable asset in this day and age, and we should be very careful with how we give out our personal data. One of the first things we buy for our smartphones are physical protective covers but not security software. With the amount of online banking we do these days, it’s about time we change that.






Share this post:

Share on facebook
Share on twitter
Share on pinterest

One Response

  1. In the interest of accuracy (and avoid any potential liability), your article should take into account the latest media reports last 48 hours that indicate that Nuemera was not responsible for our leaked details. Apparently the extensive 6-month Police investigations involved not only Nuemera, but also the various telcos and MCMC itself. The Police even visited the MCMC’s data centre where the PCBS system servers are hosted. So if Police have cleared Nuemera (but not the rest), could there be a bigger picture that we are not seeing?

    Here’s The Star’s most recent report about this:


Leave a Reply

Your email address will not be published. Required fields are marked *