Is our private data really private?

In the middle of last month, I received a phone call from a so-called “Institut Minda Selangor”, which was doing a poll to gauge support for Selangor’s Pakatan Rakyat/Harapan state government.

Now, one would think there would be no problem with just answering a few questions and submitting to a poll, but this is different.

Some details – the phone number I have is a prepaid SIM card purchased from Maxis by my younger brother as a birthday present ages ago. In fact, it could have been close to seven or eight years ago.

And thus, he registered it under his name. It works just fine, other than the fact that the whole “birthday treat” comes in August and confuses me once a year – it’s a good reminder though.

Thus, when the pollster calls up and mentions my brother’s name instead of my own, we do have a problem. You see, only three people would know that this phone number of mine is registered under my brother’s name – myself, my brother, and the telco itself.

So, where would the pollster have gotten the information?

I decided to take this case to Facebook, and as such, the telco provider has given feedback that their system is secure without a breach. However, they couldn’t provide an answer as to how the pollster could have gotten the details known only to three parties, two of which are pretty much secure and would never reveal that information.

Thus, at this point, I’m pretty much resigned to the fact that someone is leaking phone numbers, private information, to pollsters. As to who is doing it, perhaps it can be found out by finding the pollsters since telcos are all convincing that their data handling – from initial registration of buying a SIM card from a kedai runcit or even 7-Eleven, is secure and without a leak.

To those who got the same phone call, perhaps it is time to take note that your data has been sold off to would be pollsters, promoters, and maybe even fraudsters, and perhaps it is time to think about where they got it from.


3 thoughts on “Is our private data really private?

  1. i just received a call from them too. Says they are doing survey for politic stuff. The caller claims that she get my number from Institute Minda Selangor. should i report this to telco too?


    1. I just did a Google search on “Institut Minda Selangor” and it drew a blank, apart from one of Hafidz’s articles in The Sun Daily, this blog site and a couple of posts regarding calls from the number 03-2770-2514 on the WhoCalleMe dot com site.

      I have been receiving these cold calls for many year now, even long before the Personal Data Protection Act came into force on 15 November 2013 and I strongly suspect that they were leaked or perhaps just given away or sold by banks, credit card companies, telcos, their outsource service providers or whoever has our personal data, including our mobile or fixed line numbers.

      A promoter had signed me up for am AmBank credit card in 2006 as well as a personal accident insurance policy which was charged to the card in monthly instalments of around RM30 or so per month, which I made a point to settle in full each month. I did not and do not use this card t make other purchases.

      Then around 2007 or 2008, I received a cold call on my mobile phone which I was in my car, informing me that I owned an outstanding balance of over RM3,000 and had to settle promptly. I told the caller that I did not owe that much and there must be something wrong here. At that point I believed that the caller was genuinely from AmBank credit card section, so I went along with the verification process with the caller and thank God the line dropped just before I was about to give out the three digit number beside my signature at the back of the card.

      Still in a panicked state, I called back but the number was engaged and then I noticed that it was from a mobile phone number, so I decided to call the AmBank help line from my fixed line once I got home and when I did, I was informed to ignore such calls which were scams.

      About four of five years ago, I had already got a Unifi line and had been settling the bill regularly each month and one morning I received a call on my Unifi line and a fixed line number appeard on my DECT phones and the voice informed me that I owed Telekom Malaysia over RM3,000.

      After my earlier experience, I told the caller that I would go to TM Pointto check this out and when I went to the TM Point in PJ New Town, I was informed that my amount outstanding was regular and that it was a scam and if I wanted them to take action, I would have to lodge a police report. I did not get round to lodging a police report and just left it.

      Last year or the year before, I got a call on my mobile phone informing me that over RM1,000 had been charged to my RHB credit card at KLIA and I told the caller that I was at home and had not been to KLIA for many months.

      The caller knew my full name and MyKAD number and said that credit card had been obtained in my name, with a home address in Puchong. Well my home is in Petaling Jaya and I have no property, nor have I ever lived at a Puchong address and I told the agent so but she insisted that there was an RHB credit card linked to my full name and MyKAD number with that address in Puchong.

      The fact of the matter is that I do not have an RHB credit card, nor a bank account with any branch of RHB, so I told the caller that I will go to RHB branch in the area where I live to check this matter out.

      When I got to theRHB branch and told the reception the purpose of my visit, he told me that it was a scam and that the bank’s employees had also been receiving such calls and not to entertain them.

      However, I insisted that I want to see a bank officer and when I met the officer, I related this incident to her and asked her to check to see if an account in my name and linked to my MyKAD number existed in their system, just in case someone had fraudulently opened an account in my name with my oersonal details.

      She checked with my MyKAD number on the bank’s computer and confirmed that no account in my name or related to my MyKAD number existed in their system.

      The question here is, why don’t these telcos and financial institutions do more about these fake calls, especially when so many of their customers and non customers complain about receiving them.

      Also, what are the relevant authorities doing about them.

      It looks like the onus is on us, the suffering people to bi vigilant against such calls and to take actions such as to contact the telco,bank or credit card company to ensure that our personal details have nt been fraudulently used to open accounts and so forth.

      As it stands, the MCMC, Cybersecurity Malaysia, the police nor any other agency has not yet identified the culprits at that outsource company who leaked the personal details of 46 million mobile subscribers after over a month or more.

      And more Malaysians are said to be increasingly engaging in e-commerce and e-government online but how safe is our confidential data, despite all the crap we are being told about, cyber security, public key/private key security, 1024, 2049, 4096 or more bits encryption and so forth.

      Despite all this “gee whiz” technology and the techno-gobbledegook fed to journalists writing about ICT, the the weakest link in all this is the human being responsible for keeping confidential people’s data, whilst the rest is all IT scheiss.

      Now you know why I call my blog and myself “IT.Scheiss”.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s