Data leaks: Reduce human element at telcos, says DAP MP

tan-kok ping

KUALA LUMPUR: An opposition MP wants telecommunications companies to look into doing away with the human element in dealing with sensitive and confidential data.

Stampin MP Julian Tan Kok Ping said if humans were needed to maintain the hardware of data storage, telcos should impose higher levels of screening to prevent data leaks.

“Data leaks are an inside job, most probably done by people entrusted with tasks,” he said, referring to password data storage.

“The lesser the human element in such matters, the better.”

Speaking to FMT, Tan, who is a technology consultant, said if telcos could not do away with human elements, they should look into implementing security measures such as biometric screening.

He was asked to comment on the recent leak involving the personal data of over 46.2 million mobile phone and virtual network operator subscribers in the country.

The leak is believed to have occurred during the data transfer process at a telecommunications company.

Technology news site lowyat.net said the leak included postpaid and prepaid numbers, customer details, addresses and SIM card information.

The data was from various telcos including DiGi, Celcom, Maxis, Tunetalk, Redtone and Altel.

Inspector-General of Police Mohamad Fuzi Harun said it was possible that some of the company’s employers were trying to take advantage of the situation during the data transfer.

Tan said the data leak was a serious matter as it opened the door to identity theft.

“They have our IC, email address and other information. If they were to email us with our particulars, it could be more convincing,” he said.

He advised people to use auto-generated software such as Dashland, and anti-virus software which allows users to save and regularly change passwords.

He also advised them to keep tabs on auto-change passwords, which are harder for hackers to access.

“A lot of people tend to have the same password for different accounts.

“If it is hacked, it is easy to hack almost all the accounts. Auto software saves passwords and reminds users of their password if it is forgotten.”

Tan also suggested that telcos hire hackers to test their systems regularly and ensure that they cannot be accessed without authorisation.

“It is to ensure that the system has no back-door access for other hackers, and to make sure the level of encryption technology employed by the company is up to date.”

He said the government could also impose fines on the companies involved in the data leak so that they would be serious about taking future preventive measures.

“At the end of the day, a service provider is one person who has access to confidential data,” he said.