Personal details of over 200,000 Malaysian organ donors and their next of kin have been leaked, with the data available online for over a year, a local tech portal reported on Tuesday.
This is the second big data leak reported in Malaysia in three months. In November, Malaysia said it was investigating an alleged attempt to sell personal data of more than 46 million mobile phone subscribers online, in what could be one of the largest leaks of customer data in Asia.
Files containing details of 220,000 pledged organ donors were leaked online as early as September 2016, Lowyat.net reported on Tuesday. The source was not identified.
Leaked data includes the donor’s name, identification card number, race, nationality, address and phone numbers, it said. The data also contains details of each organ donor’s one nominated next of kin, taking the total number of data leak victims to 440,000.
Based on the details and the scale of the data, it was likely leaked from a central database, the report said.
The country’s internet regulator, the Malaysian Communications and Multimedia Commission (MCMC), said it was assisting the police in their investigations into the reported leak. The police did not have an immediate comment.
Vijandren Ramadass, the founder of Lowyat.net, told Reuters that the portal discovered the leak being shared on a popular file sharing site for free.
“The files are still online now. We did submit a direct request to the host on Sunday to remove the files but we didn’t get any response,” he said.
Lowyat.net also uncovered the data leak of mobile phone users last year.
That data of 46.2 million customers was extensive enough to allow criminals to create fraudulent identities to make online purchases, cybersecurity experts have said. It also contained personal data from some medical associations and a jobs portal.