Is our private data really private?

In the middle of last month, I received a phone call from a so-called “Institut Minda Selangor”, which was doing a poll to gauge support for Selangor’s Pakatan Rakyat/Harapan state government.

Now, one would think there would be no problem with just answering a few questions and submitting to a poll, but this is different.

Some details – the phone number I have is a prepaid SIM card purchased from Maxis by my younger brother as a birthday present ages ago. In fact, it could have been close to seven or eight years ago.

And thus, he registered it under his name. It works just fine, other than the fact that the whole “birthday treat” comes in August and confuses me once a year – it’s a good reminder though.

Thus, when the pollster calls up and mentions my brother’s name instead of my own, we do have a problem. You see, only three people would know that this phone number of mine is registered under my brother’s name – myself, my brother, and the telco itself.

So, where would the pollster have gotten the information?

I decided to take this case to Facebook, and as such, the telco provider has given feedback that their system is secure without a breach. However, they couldn’t provide an answer as to how the pollster could have gotten the details known only to three parties, two of which are pretty much secure and would never reveal that information.

Thus, at this point, I’m pretty much resigned to the fact that someone is leaking phone numbers, private information, to pollsters. As to who is doing it, perhaps it can be found out by finding the pollsters, since the telcos all insist that their data handling – from the initial registration when buying a SIM card from a kedai runcit or even 7-Eleven – is secure and without a leak.

To those who got the same phone call, perhaps it is time to take note that your data has been sold off to would-be pollsters, promoters, and maybe even fraudsters, and perhaps it is time to think about where they got it from.

4 thoughts on “Is our private data really private?”

  1. I just received a call from them too. Says they are doing a survey for political stuff. The caller claims that she got my number from Institute Minda Selangor. Should I report this to the telco too?

    1. I just did a Google search on “Institut Minda Selangor” and it drew a blank, apart from one of Hafidz’s articles in The Sun Daily, this blog site and a couple of posts regarding calls from the number 03-2770-2514 on the WhoCalleMe dot com site.

      I have been receiving these cold calls for many years now, even long before the Personal Data Protection Act came into force on 15 November 2013 and I strongly suspect that they were leaked or perhaps just given away or sold by banks, credit card companies, telcos, their outsource service providers or whoever has our personal data, including our mobile or fixed line numbers.

      A promoter had signed me up for an AmBank credit card in 2006 as well as a personal accident insurance policy which was charged to the card in monthly instalments of around RM30 or so per month, which I made a point to settle in full each month. I did not and do not use this card to make other purchases.

      Then around 2007 or 2008, I received a cold call on my mobile phone while I was in my car, informing me that I owed an outstanding balance of over RM3,000 and had to settle promptly. I told the caller that I did not owe that much and there must be something wrong here. At that point I believed that the caller was genuinely from AmBank credit card section, so I went along with the verification process with the caller and thank God the line dropped just before I was about to give out the three digit number beside my signature at the back of the card.

      Still in a panicked state, I called back but the number was engaged and then I noticed that it was from a mobile phone number, so I decided to call the AmBank help line from my fixed line once I got home and when I did, I was informed to ignore such calls which were scams.

      About four or five years ago, I had already got a Unifi line and had been settling the bill regularly each month and one morning I received a call on my Unifi line and a fixed line number appeared on my DECT phones and the voice informed me that I owed Telekom Malaysia over RM3,000.

      After my earlier experience, I told the caller that I would go to TM Point to check this out and when I went to the TM Point in PJ New Town, I was informed that my amount outstanding was regular and that it was a scam and if I wanted them to take action, I would have to lodge a police report. I did not get round to lodging a police report and just left it.

      Last year or the year before, I got a call on my mobile phone informing me that over RM1,000 had been charged to my RHB credit card at KLIA and I told the caller that I was at home and had not been to KLIA for many months.

      The caller knew my full name and MyKAD number and said that credit card had been obtained in my name, with a home address in Puchong. Well my home is in Petaling Jaya and I have no property, nor have I ever lived at a Puchong address and I told the agent so but she insisted that there was an RHB credit card linked to my full name and MyKAD number with that address in Puchong.

      The fact of the matter is that I do not have an RHB credit card, nor a bank account with any branch of RHB, so I told the caller that I will go to RHB branch in the area where I live to check this matter out.

      When I got to the RHB branch and told the reception the purpose of my visit, he told me that it was a scam and that the bank’s employees had also been receiving such calls and not to entertain them.

      However, I insisted that I want to see a bank officer and when I met the officer, I related this incident to her and asked her to check to see if an account in my name and linked to my MyKAD number existed in their system, just in case someone had fraudulently opened an account in my name with my personal details.

      She checked with my MyKAD number on the bank’s computer and confirmed that no account in my name or related to my MyKAD number existed in their system.

      The question here is, why don’t these telcos and financial institutions do more about these fake calls, especially when so many of their customers and non customers complain about receiving them?

      Also, what are the relevant authorities doing about them?

      It looks like the onus is on us, the suffering people, to be vigilant against such calls and to take actions such as to contact the telco, bank or credit card company to ensure that our personal details have not been fraudulently used to open accounts and so forth.

      As it stands, neither the MCMC, Cybersecurity Malaysia, the police nor any other agency has yet identified the culprits at that outsource company who leaked the personal details of 46 million mobile subscribers after over a month or more.

      And more Malaysians are said to be increasingly engaging in e-commerce and e-government online but how safe is our confidential data, despite all the crap we are being told about cyber security, public key/private key security, 1024, 2049, 4096 or more bits encryption and so forth?

      Despite all this “gee whiz” technology and the techno-gobbledegook fed to journalists writing about ICT, the weakest link in all this is the human being responsible for keeping confidential people’s data, whilst the rest is all IT scheiss.

      Now you know why I call my blog and myself “IT.Scheiss”.

  2. Dear Hafidz,

    It’s been a while since our Mobile World days.

    We all now know of the leak of all telcos’ customer details as of 2014 right down to phone IMEI, IMSI and SIM codes, believed to be by someone in an outsource company contracted to operate a stolen phone blocking service on behalf of the MCMC.

    More recently, I received a call on my Unifi fixed line number whereby a seemingly recorded voice informed me that my account was terminated and to press 0 to talk to the agent.

    I pressed 0 and the “agent”, a man speaking in Malay in what sounded like an Indonesian accent, told me that my Unifi account in Kuantan had been terminated because it had been used to operate an illegal Internet gambling operation.

    To save me typing, below is the text of the letter reporting the incident to Telekom Malaysia in my lousy Bahasa Malaysia. My Unifi number and certain other details have been redacted.

    Re: A strange call

    At about 9.15 am on 2 November 2017, I received a call on my Unifi telephone number 03-nnnnnnnn and a voice informed me that my service would be terminated and told me to press a number to speak to an agent for assistance.

    The agent informed me that I had applied for a TM number in Kuantan, numbered 09-5nnnnnn, on 7 August 2017, but I said that I had not been to Kuantan for a long time, that I was not in Kuantan on 7 August 2017 and that I did not apply for that number in Kuantan.

    The agent asked me whether I had given my MyKAD to anyone or whether I had given my MyKAD details to anyone. I replied that I had not given my MyKAD to anyone but that I had written my MyKAD number on several forms or registration books.

    He informed me that the number 09-5nnnnnn, which he said had been applied for using my MyKAD details, had been misused to run illegal Internet gambling and told me to go and make a police report at the Kuantan police station.

    I said that was far away and the agent said he could help me if I pressed the number 999 without hanging up my line. He said I needed to give the following information to the Kuantan police station:-

    Telephone number in Kuantan that was misused – 09-5nnnnnn Address in Kuantan: Taman Tunas Fasa 2, No nn. Lorong 2. 25300 Kuantan Pahang.

    He said his name was XXXXXXXXXXXX, ID. TMX042511, and the number he was calling from was 03-22409494.

    I said I wanted to go to TM Point to ask about this matter.

    The agent said TM Point could not access information about the telephone number 09-5nnnnnn because that number had been blocked by TM.

    The agent informed me that our conversation was being recorded and would be sent to the Kuantan police station, and that I must press 999 without hanging up to make a police report on the misuse of my MyKAD details to apply for the number that was misused to run illegal Internet gambling.

    The agent’s voice sounded like that of an Indonesian and I said I wanted to think it over first and would go to TM Point to ask about this matter. I did not press 999.

    This call seems too strange and I hope you can help me resolve this matter.

    Thank you
    =================

    I did a Google search on 03-22409494 and found that it was the general line of the Telekom Malaysia HQ on Jalan Pantai. I called it and the operator told me to ignore such calls as they were scams and asked me to report it to 100. I told the operator that I would personally go to TM Point.

    Also a Google Maps search on “Taman Tunas, 25300 Kuantan, Pahang” shows no “Lorong 2”. Roads in this area have names beginning with “Lorong Seri Setali” followed by a road number.

    I personally handed the letter over to TM Point, PJ New Town but so far have not had any response from them.

    A lot worse happened to a friend and neighbour of mine, where a caller using the same modus operandi accused her of money laundering and jail, and thus scared and deceived her into depositing a total of nearly half a million ringgit into three accounts named by the caller.

    It later dawned on her that this was a scam and she lodged a police report, then went to the bank and had the three said accounts frozen. The bank told her that others had been similarly scammed.

    From what she told me, she had learned that such scammers find some poor or desperate person to open a bank account, presumably for a fee and give the ATM card with PIN number to the scammer.

    This scammer claimed to be from the Kedah police.

    When deceived people deposit money into the account or accounts, the scammer withdraws the money up to the daily withdrawal limit. So lucky for my friend, she had not lost very much by the time the accounts were frozen.

    She has engaged a lawyer to get a court order for the bank to return the money.

    Whilst mainstream media, alternative media, blogs and social media had been whacking the MCMC and its outsource service operator over the breach of the account details of 46.2 million Malaysian mobile subscribers, there has been little or no publicity about the activities of these scammers who appear to be using subscriber details from this leaked data to call and deceive people, as well as the plight of people who have fallen for their deception.

    Also, no further news about the progress of the MCMC and Police in tracking down the culprits who leaked the data.
