[BreachExchange] Astro suffers another data breach, in the midst of informing affected customers

Destry Winant destry at riskbasedsecurity.com
Thu Aug 22 11:04:57 EDT 2019


Astro has suffered another data breach, making this the company’s
second known data leak in the span of 18 months.

In an announcement on its official website, Astro states that it had
noticed unauthorised access to its customers’ MyKad data which holds
details including IC number, date of birth, gender, race and address.

“Less than 0.2% of our customers are affected in this incident and we
are in the process of informing them,” the statement reads.

Astro claims that its customers' financial data is not compromised,
and that it had addressed and stopped the unauthorised access

“We informed the police, Malaysian Communications and Multimedia
Commission, and the Department of Personal Data Protection,” said the
statement, adding that it is working closely with the authorities to
address the issue.

“We take the protection of our customers’ personal information
seriously and have taken steps to enhance and further strengthen our

When contacted, Astro stated that it will not be able to comment
further on the incident to facilitate the ongoing police

In June last year, technology news portal Lowyat.net had claimed that
personal data of Astro customers were offered for sale online for
RM4,500 for 10,000 records.

The seller reportedly was offering 60,000 Astro IPTV customer details
including names, installation addresses, IC numbers, equipment and
portal ID number, as well as information on the subscribed packages.

Lowyat.net claimed that it had earlier alerted Astro on the first data
breach in January 2018.

More information about the BreachExchange mailing list